Hello, I finished reworking the TLS factories as I was going to do. Changes are: * better javadocs * previously duplicate code moved into common classes * weak/anonymous ssl ciphers are no longer enabled, it was a dangerous thing to do * client socket factory boasts server identity verification feature (weak and looks wrong though, I don't know if/where Sun has implementation of complete SSL restrictions checking) * client socket factory no longer has an option to authenticate-clients, it didn't make sense to anyone on the list * configuration format changed to include all SSLSocketContext related items as a separate element, backward compatibility provided * keystores can be loaded from any location on the filesystem to allow placing keystores outside .sars, javadocs describes why it makes sense
Minor word of caution: I only ran it with java 1.4. I didn't figure out where to put JSSE jars so that phoenix can see them when my app is running. It didn't take them jre's ext directory where they were happily found by javac. I was appalled by idea of packaging them into my .sar. Better ideas? The sources are below. I thought about making patches, but it didn't make much sense since the patches would be bigger then the replacements and nobody worked on the files in the meantime. Thanks Greg
tls-sockets.tar.gz
Description: Binary data
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
