Hi, I'm writing to announce the alpha release of commons-ssl-0.3.4. I'm writing to "commons-dev@jakarta.apache.org" because I think commons-sandbox would be a great home for this library. The library itself is derived from some HttpClient code originally written by Oleg Kalnichevski.
http://juliusdavies.ca/commons-ssl/

Here are a few features of note:

1. This library gives you the ability to read OpenSSL style private keys using only pure Java. It even works with Java 1.3. I tried to encrypt the same RSA private keys in as many ways as possible (106 so far!) with OpenSSL to test this:
   http://juliusdavies.ca/commons-ssl/samples/rsa_result.html

2. The library automatically does CRL checking. (We hope to add support for OCSP soon!).

3. All options can be toggled on a per-socket-factory basis. So for one SSLSocketFactory you might have setCheckHostname( false ), and on another you might have setCheckExpiry( false ) if you like.

4. Can be dropped into any project easily because we extend SSLSocketFactory and SSLServerSocketFactory. For example, to use as an "ldaps://" client you just define your own extremely basic sub-class:

=============================
// Placeholder package name ("package" itself is a reserved word in Java).
package my.special.pkg;

import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.net.SocketFactory;
// commons-ssl classes (package name assumed to be org.apache.commons.ssl)
import org.apache.commons.ssl.KeyMaterial;
import org.apache.commons.ssl.SSLClient;
import org.apache.commons.ssl.TrustMaterial;

public class LDAPSocketFactory extends SSLClient
{
    // JNDI calls this static method to obtain the factory.
    public static SocketFactory getDefault() { return instance; }

    private final static LDAPSocketFactory instance;

    static
    {
        try
        {
            instance = new LDAPSocketFactory();
        }
        catch ( Exception e )
        {
            throw new RuntimeException( e );
        }
    }

    private LDAPSocketFactory() throws GeneralSecurityException, IOException
    {
        TrustMaterial tm = new TrustMaterial( "/path/to/corporate/ldap.pem" );
        setTrustMaterial( tm ); // We ONLY trust our "ldap.pem". cacerts ignored!

        KeyMaterial km = new KeyMaterial( "/path/to/pkcs12.der", "secret".toCharArray() );
        setKeyMaterial( km ); // Maybe our "ldaps://" requires client certs?
    }
}
=============================

And then tell Java to use it like so:

env.put( "java.naming.ldap.factory.socket", "my.special.pkg.LDAPSocketFactory" );

Java looks for the static getDefault() method when you provide a SocketFactory like that to the LDAP stuff.

I already have a personal CLA on file with Apache. I'm not sure what's up with the Corporate CLA / Software Grant my employer (Credit Union Central of British Columbia) sent in August.
Last time I checked, CUCBC has yet to receive a signed copy for their own records.

--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/