Posted to users@tomcat.apache.org by im dolor <im...@yahoo.com> on 2004/07/12 23:27:08 UTC

How to configure a TrustManager for tomcat?

Hello,

I would like to be able to use CRL checking in Tomcat.
I thought that I would implement my own trust manager
which would download the crl and check against it
every time the checkXXXTrusted method is called.
However, I do not see anywhere in the configuration
where it would be possible to cause Tomcat to use this
trust manager. I see that there is a parameter in the
connector to set the SSLServerSocket factory. I
suppose that I could implement my own socket factory
that used my own TrustManager. However, I see that the
documentation claims that I must use the catalina
version of this class. Why is that? Can I change it? 

Thank you for your help.




	
		

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
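
The CRL-checking trust manager the question describes, sketched with the standard JSSE API only; this is an added example, not code from the thread or from Tomcat, and Tomcat would pick it up only through a custom SSLImplementation as the replies describe. The class name, the `crlIssuer` and `crlUrl` parameters, and the assumption that one CA signs both the client certificates and the CRL are hypothetical. It caches the CRL until its nextUpdate instead of downloading on every call, and it fails closed.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.cert.*;
import java.util.Date;
import javax.net.ssl.X509TrustManager;

/** Added example: wraps a stock X509TrustManager and rejects client certificates listed on a CRL. */
public class CrlCheckingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate; // performs the normal chain validation
    private final X509Certificate crlIssuer; // assumption: one CA signs the client certs and the CRL
    private final URL crlUrl;                // hypothetical CRL distribution point
    private X509CRL cached;
    public CrlCheckingTrustManager(X509TrustManager delegate, X509Certificate crlIssuer, URL crlUrl) {
        this.delegate = delegate;
        this.crlIssuer = crlIssuer;
        this.crlUrl = crlUrl;
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType); // path and signature checks come first
        X509CRL crl = currentCrl();
        for (X509Certificate cert : chain) {
            // A CRL only speaks for certificates issued by the CA that signed it.
            if (cert.getIssuerX500Principal().equals(crl.getIssuerX500Principal()) && crl.isRevoked(cert)) {
                throw new CertificateException("Revoked certificate, serial " + cert.getSerialNumber());
            }
        }
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    /** Downloads again only once the cached CRL passes nextUpdate; any failure rejects the handshake. */
    private synchronized X509CRL currentCrl() throws CertificateException {
        Date now = new Date();
        if (cached != null && now.before(cached.getNextUpdate())) return cached;
        try (InputStream in = crlUrl.openStream()) {
            X509CRL fresh = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
            fresh.verify(crlIssuer.getPublicKey()); // an unsigned or forged CRL must not be honoured
            if (fresh.getNextUpdate() == null || !now.before(fresh.getNextUpdate())) {
                throw new CertificateException("CRL is stale or has no nextUpdate");
            }
            return cached = fresh;
        } catch (Exception e) { // fail closed: no verifiable CRL, no trust
            throw new CertificateException("CRL check failed: " + e);
        }
    }
}
```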


Re: log file problem

Posted by Tim Funk <fu...@joedog.org>.
I don't think so.

-Tim

Jitesh Sinha wrote:
> If the log files become full does it create a problem with the application?
> Like session parameters coming as null or request attributes coming as null
> even though they exist there in the session and request respectively?
> 



log file problem

Posted by Jitesh Sinha <js...@cisco.com>.
If the log files become full does it create a problem with the application?
Like session parameters coming as null or request attributes coming as null
even though they exist there in the session and request respectively?

TIA,
-Jitesh




Re: How to configure a TrustManager for tomcat?

Posted by Bill Barker <wb...@wilshire.com>.
"im dolor" <im...@yahoo.com> wrote in message
news:20040713182254.67837.qmail@web14523.mail.yahoo.com...
> So then could I extend
> org.apache.tomcat.util.net.JSSEImplementation to
> create my own implementation and override the
> getServerSocketFactory() to create one that uses my
> custom trust manager? Does that sound right to you?
>

Pretty much.  You could probably extend the o.a.t.u.net.jsse classes as well
(which makes it really easy to configure Tomcat to use your own
TrustManager).

> Will that only work with tomcat 5? Is there something
> that I can do that will be compatible with both 4 and
> 5? Our application is currently running on 4 but we
> plan on moving to 5 in the (near?) future.
>

Both TC 4 and 5 use the same Connector code (and, for that matter, so does
TC 3.3 :), so this is a one-size-fits-all project.  The only difference is
the configuration to use your class.  The option is:
   sSLImplementation="com.myfirm.mypackage.MySSLImplementation".
For TC 4, you set it on the Factory and for TC 5 you set it on the
Connector.

> Thanks for your help.
>
>
> Monika.
>
>
> --- Bill Barker <wb...@wilshire.com> wrote:
> > Firstly, the only SSLServerSocketFactory that actually does anything is the
> > one for the deprecated HttpConnector in TC 4.  With the CoyoteConnector, it
> > is possible to plug in your own SSLImplementation (which, among other
> > things, would allow you to install your own TrustManager), but most people
> > find this to be too much work.
> >
> > Of course, if you want to implement your own SecurityProvider, then that is
> > another means to install your own TrustManager ;-).
> >
> > "im dolor" <im...@yahoo.com> wrote in message
> > news:20040712212708.77367.qmail@web14522.mail.yahoo.com...
> > > Hello,
> > >
> > > I would like to be able to use CRL checking in Tomcat.
> > > I thought that I would implement my own trust manager
> > > which would download the crl and check against it
> > > every time the checkXXXTrusted method is called.
> > > However, I do not see anywhere in the configuration
> > > where it would be possible to cause Tomcat to use this
> > > trust manager. I see that there is a parameter in the
> > > connector to set the SSLServerSocket factory. I
> > > suppose that I could implement my own socket factory
> > > that used my own TrustManager. However, I see that the
> > > documentation claims that I must use the catalina
> > > version of this class. Why is that? Can I change it?
> > >
> > > Thank you for your help.


Re: How to configure a TrustManager for tomcat?

Posted by im dolor <im...@yahoo.com>.
So then could I extend
org.apache.tomcat.util.net.JSSEImplementation to
create my own implementation and override the
getServerSocketFactory() to create one that uses my
custom trust manager? Does that sound right to you?

Will that only work with tomcat 5? Is there something
that I can do that will be compatible with both 4 and
5? Our application is currently running on 4 but we
plan on moving to 5 in the (near?) future.

Thanks for your help.


Monika.


--- Bill Barker <wb...@wilshire.com> wrote:
> Firstly, the only SSLServerSocketFactory that actually does anything is the
> one for the deprecated HttpConnector in TC 4.  With the CoyoteConnector, it
> is possible to plug in your own SSLImplementation (which, among other
> things, would allow you to install your own TrustManager), but most people
> find this to be too much work.
>
> Of course, if you want to implement your own SecurityProvider, then that is
> another means to install your own TrustManager ;-).
>
> "im dolor" <im...@yahoo.com> wrote in message
> news:20040712212708.77367.qmail@web14522.mail.yahoo.com...
> > Hello,
> >
> > I would like to be able to use CRL checking in Tomcat.
> > I thought that I would implement my own trust manager
> > which would download the crl and check against it
> > every time the checkXXXTrusted method is called.
> > However, I do not see anywhere in the configuration
> > where it would be possible to cause Tomcat to use this
> > trust manager. I see that there is a parameter in the
> > connector to set the SSLServerSocket factory. I
> > suppose that I could implement my own socket factory
> > that used my own TrustManager. However, I see that the
> > documentation claims that I must use the catalina
> > version of this class. Why is that? Can I change it?
> >
> > Thank you for your help.


Re: How to configure a TrustManager for tomcat?

Posted by Bill Barker <wb...@wilshire.com>.
Firstly, the only SSLServerSocketFactory that actually does anything is the
one for the deprecated HttpConnector in TC 4.  With the CoyoteConnector, it
is possible to plug in your own SSLImplementation (which, among other
things, would allow you to install your own TrustManager), but most people
find this to be too much work.

Of course, if you want to implement your own SecurityProvider, then that is
another means to install your own TrustManager ;-).

"im dolor" <im...@yahoo.com> wrote in message
news:20040712212708.77367.qmail@web14522.mail.yahoo.com...
> Hello,
>
> I would like to be able to use CRL checking in Tomcat.
> I thought that I would implement my own trust manager
> which would download the crl and check against it
> every time the checkXXXTrusted method is called.
> However, I do not see anywhere in the configuration
> where it would be possible to cause Tomcat to use this
> trust manager. I see that there is a parameter in the
> connector to set the SSLServerSocket factory. I
> suppose that I could implement my own socket factory
> that used my own TrustManager. However, I see that the
> documentation claims that I must use the catalina
> version of this class. Why is that? Can I change it?
>
> Thank you for your help.