Posted to dev@tomcat.apache.org by Darrel Drake <EB...@jp.ibm.com> on 2001/03/22 07:36:20 UTC

Tomcat SSL Socket factory -- more independent

Hi, I use Tomcat 3.2 with SSL and I ran into a problem when executing using
IBM's JSSE implementation. Namely, in the default configuration, the Sun
classes are referenced directly, so you CAN'T use IBM JSSE on the server
side in this case. I changed the source so that you can run either
implementation. Ideally ANY implementation of JSSE can be run on this
class, since only the javax.net and javax.net.ssl packages are referenced.
Also, I enhanced it to add session properties to the ServletRequest under
the names recommended in the JSSE 1.0.2 specification.

I'm aware that there's a new interceptor mechanism in v3.3m2, but I'm not
yet sure whether the same problems exist. It appears that the source tree
got re-arranged since the 3.2 release and it's totally confusing to navigate
now. If this is still needed in 3.3 and someone would be nice enough to
commit it I'd appreciate it highly. If this change is useful to those who
use v3.2 please feel free to use it and give me feedback. The name on this
file is different so you can try it out and switch back if you want.

1. Compile the TomcatSSLSocketFactory.java to something that's on your
classpath
2. Change your server.xml line to read like this:
            <Parameter name="socketFactory"
                value="com.ibm.trl.util.net.TomcatSSLSocketFactory" />
3. Set your JAVA_HOME to point to a JVM with either Sun or IBM JSSE
installed
4. Restart Tomcat
5. Run a test client (I attached one) using an https URL
6. Do 3-5 again with a JVM loaded with the other JSSE

Implementation notes: Initially I just copied the
"org.apache.tomcat.net.SSLSocketFactory" class into another file and
replaced all the "sun"s with "ibm"s, and it worked perfectly well. Then I
realized that you don't even have to call those proprietary classes; you
can simply set the Java environment variables inside the code, because the
first call to ServerSocketFactory.getDefault() will look for those values.
So instead of loading keystore files and constructing key- and
trust-managers, I just set those variables (System.setProperty
("xxx","yyy")) and let the default method do all that itself. It seems to
work totally fine under JDK 1.2 or 1.3 with either IBM or Sun JSSE
installed (4 test cases).

Darrell Drake*
IBM Japan, TRL
+81-46-215-4175
EB92401@jp.ibm.com
* - Notes ID has a misspelling of my name
(See attached file: TomcatSSLSocketFactory.java)(See attached file:
ReadURL.java)
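
The approach in the implementation notes, as an added example (not the attached TomcatSSLSocketFactory.java and not Tomcat code): set the standard JSSE system properties, then take the server socket factory from SSLServerSocketFactory.getDefault() so that only javax.net.ssl types are referenced. The class name, the DEMO_KEYSTORE_PASS variable and the keystore file (assumed to have been created beforehand, for example with keytool) are assumptions.

```java
import java.io.IOException;
import java.net.ServerSocket;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Added example; hypothetical class, not the attached TomcatSSLSocketFactory.java.
public class DefaultJsseServerSocketDemo {

    // Keep a value the operator already supplied with -D; only fill in gaps.
    static void setIfAbsent(String key, String value) {
        if (value != null && System.getProperty(key) == null) {
            System.setProperty(key, value);
        }
    }

    // Must run before anything else in the JVM asks for the default factory:
    // it is built once, and later property changes have no effect on it.
    static SSLServerSocketFactory configure(String keystorePath, String password) {
        setIfAbsent("javax.net.ssl.keyStore", keystorePath);
        setIfAbsent("javax.net.ssl.keyStorePassword", password);
        // Only javax.net.ssl types are named; the installed provider supplies the class.
        return (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: DefaultJsseServerSocketDemo <keystore file>");
            System.exit(2);
        }
        // DEMO_KEYSTORE_PASS is an assumed variable name; it keeps the password
        // out of the process argument list.
        SSLServerSocketFactory factory =
                configure(args[0], System.getenv("DEMO_KEYSTORE_PASS"));
        System.out.println("factory class: " + factory.getClass().getName());

        // Port 0 asks for any free port. A keystore that failed to load shows up
        // here (or at the first handshake) as an exception, not at configure().
        try (ServerSocket socket = factory.createServerSocket(0)) {
            SSLServerSocket ssl = (SSLServerSocket) socket;
            System.out.println("listening on port " + ssl.getLocalPort());
            System.out.println("protocols: " + String.join(", ", ssl.getEnabledProtocols()));
        }
    }
}
```

These properties are JVM-wide: every component that uses the default SSL configuration picks up the same keystore, and the password is readable by any code in the process that can call System.getProperty.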