Posted to java-dev@axis.apache.org by "Ralf Hauser (JIRA)" <ax...@ws.apache.org> on 2005/10/18 13:15:52 UTC

[jira] Commented: (AXIS-1982) enhance client Call interface to use non-global truststore for SSL

    [ http://issues.apache.org/jira/browse/AXIS-1982?page=comments#action_12332350 ] 

Ralf Hauser commented on AXIS-1982:
-----------------------------------

similarly, also allow to set per thread:
- "javax.net.ssl.trustStorePassword"
- "javax.net.ssl.keyStore"
- "javax.net.ssl.keyStorePassword"
- "javax.net.ssl.keyStoreType"
- "javax.net.ssl.trustStoreType"
- "java.protocol.handler.pkgs"

in order to avoid cipher-strength-downgrading attacks against SSL-handshakes, see also AXIS-2216

> enhance client Call interface to use non-global truststore for SSL
> ------------------------------------------------------------------
>
>          Key: AXIS-1982
>          URL: http://issues.apache.org/jira/browse/AXIS-1982
>      Project: Apache Axis
>         Type: New Feature
>   Components: Basic Architecture
>  Environment: any
>     Reporter: Ralf Hauser

>
> The descriptions how to enable SSL for axis (or its client), all appear to base on setting the truststore for the entire JVM and not just the current thread as per
>      System.setProperty("javax.net.ssl.trustStore","C:\\jdk1.3\\bin\\client.keystore");
> or even worse adding the relevant certificates to JVMs default <java-home>/lib/security/cacerts for all JVMs running on a particular machine.
> It would be great to have http://ws.apache.org/axis/java/apiDocs/org/apache/axis/client/Call.html enhanced with a method to use a non-global truststore/keystore.
> This could be very much along the lines of http://issues.apache.org/bugzilla/show_bug.cgi?id=34391 or rather the approach taken with org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory 
> see also: - http://issues.apache.org/bugzilla/show_bug.cgi?id=34391
> - http://marc.theaimsgroup.com/?l=axis-user&m=110445139319630&w=2
> - http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html
> - http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html
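
The non-global approach requested in this issue, as an added example that is not part of the original message and not Axis code: it uses only the standard JSSE API to build an `SSLSocketFactory` from one specific truststore (and optional client keystore) and attaches it to a single connection, so no `javax.net.ssl.*` system property is set and the rest of the JVM keeps its default trust configuration. The class name `PerCallTrust`, the file name `client.truststore`, the password and the URL are placeholders assumed for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PerCallTrust {

    // Load a keystore file; store path, type and password are arguments, not system properties.
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build a socket factory scoped to one truststore and, optionally, one client keystore.
    static SSLSocketFactory factoryFor(KeyStore trust, KeyStore identity, char[] keyPassword)
            throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        KeyManagerFactory kmf = null;
        if (identity != null) { // only needed for client-certificate authentication
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(identity, keyPassword);
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path, password and URL (assumptions): replace with your own values.
        KeyStore trust = load("client.truststore", "JKS", "changeit".toCharArray());
        SSLSocketFactory perCall = factoryFor(trust, null, null);
        HttpsURLConnection conn = (HttpsURLConnection)
                new URL("https://service.example/axis/services/Echo").openConnection();
        conn.setSSLSocketFactory(perCall); // only this connection uses the custom truststore
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```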
