Thanks Oleg. That pointed me in the right direction. To start with this is what I did.
1. I implemented a custom IOEventDispatch extending the SSLClientIOEventDispatch class
2. In the createSSLIOSession method I used the session attributes (remote hostname etc) to look up a map and select one of several existing SSLContext objects (SSLContext objects are initialized at startup and stored in a map)
3. I used the selected SSLContext to create the SSLIOSession object

This seems to be working fine. What do you think about this approach? Can there be any situations where this may not work?

Thanks,
Hiranya

On Wed, Jul 22, 2009 at 2:22 PM, Oleg Kalnichevski <[email protected]> wrote:

> On Wed, Jul 22, 2009 at 10:39:15AM +0530, Hiranya Jayathilaka wrote:
> > Hi Devs,
> >
> > I'm working on Apache Synapse which uses HTTP Core NIO. Currently our HTTPS
> > transport makes use of one SSL context (initialized from a
> > keystore/truststore pair). We want to extend that to support multiple SSL
> > contexts. For example when Synapse connects to server A it will use one SSL
> > context and when it connects to server B it will use another SSL context.
> >
> > I did an initial implementation of the above feature using multiple
> > IOReactors (ConnectingIOReactor implementations) where each IOReactor is
> > associated with its own IOEventDispatch and this solution works fine.
> > However it would be great if we can do this without using multiple
> > IOReactors. Is this achievable? What is the best way to handle multiple SSL
> > contexts with HTTP Core?
> >
>
> Hiranya,
>
> I do not think multiple IOReactors are needed. One can use a custom
> IOEventDispatch in order to set up SSL contexts for outgoing connections on a
> case by case basis.
>
> Something along this line:
>
> public class MySSLClientIOEventDispatch implements IOEventDispatch {
>
>     ...
>
>     public void connected(final IOSession session) {
>
>         SSLContext sslContext;
>
>         InetSocketAddress remoteAddress = (InetSocketAddress) session.getRemoteAddress();
>         String hostname = remoteAddress.getHostName();
>
>         if (hostname.equalsIgnoreCase("host-a")) {
>             sslContext = SSLContext.getInstance("SSLv2");
>             sslContext.init(null, null, null);
>         } else if (hostname.equalsIgnoreCase("host-b")) {
>             sslContext = SSLContext.getInstance("SSLv3");
>             sslContext.init(null, null, null);
>         } else {
>             sslContext = SSLContext.getInstance("TLSv1");
>             sslContext.init(null, null, null);
>         }
>
>         SSLIOSession sslSession = new SSLIOSession(session, sslContext,
>                 this.sslHandler);
>         ...
>     }
>
> }
>
> One can provide additional configuration information to the dispatcher at the
> construction time such as DNS hostname to keystore mapping (or DNS hostname to
> cert alias mapping when using just one keystore).
>
> Hope this helps
>
> Oleg
>
> >
> > Thanks,
> > --
> > Hiranya Jayathilaka
> > Software Engineer;
> > WSO2 Inc.; http://wso2.org
> > E-mail: [email protected]; Mobile: +94 77 633 3491
> > Blog: http://techfeast-hiranya.blogspot.com
>

--
Hiranya Jayathilaka
Software Engineer;
WSO2 Inc.; http://wso2.org
E-mail: [email protected]; Mobile: +94 77 633 3491
Blog: http://techfeast-hiranya.blogspot.com
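
The map lookup described in steps 2 and 3 above, as an added example that is not code from this thread or from HttpCore: SslContextSelector and its methods are hypothetical names, and the contexts are constructed placeholders using default key and trust material. It reads the host with getHostString() rather than getHostName(), so the choice of context never depends on a reverse DNS lookup.

```java
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLContext;

/** Hypothetical helper: picks a pre-built SSLContext for a remote endpoint. */
public final class SslContextSelector {

    private final Map<String, SSLContext> byHost = new HashMap<String, SSLContext>();
    private final SSLContext fallback;

    public SslContextSelector(Map<String, SSLContext> contexts, SSLContext fallback) {
        // Normalise keys once so lookups are case-insensitive, as DNS names are.
        for (Map.Entry<String, SSLContext> e : contexts.entrySet()) {
            byHost.put(e.getKey().toLowerCase(Locale.ROOT), e.getValue());
        }
        this.fallback = fallback;
    }

    /** Intended to be called from createSSLIOSession with session.getRemoteAddress(). */
    public SSLContext select(InetSocketAddress remote) {
        // getHostString() returns the name the address was created with, or the IP
        // literal if it has none; it never performs a reverse lookup.
        String host = remote.getHostString().toLowerCase(Locale.ROOT);
        SSLContext ctx = byHost.get(host);
        return ctx != null ? ctx : fallback;
    }

    // Constructed placeholder: real contexts come from per-host keystore/truststore pairs.
    private static SSLContext newContext() throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        return ctx;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        Map<String, SSLContext> contexts = new HashMap<String, SSLContext>();
        contexts.put("host-a", newContext());
        contexts.put("Host-B", newContext());
        SslContextSelector selector = new SslContextSelector(contexts, newContext());

        InetSocketAddress known = InetSocketAddress.createUnresolved("HOST-A", 8443);
        InetSocketAddress unknown = InetSocketAddress.createUnresolved("host-c", 8443);
        System.out.println("host-a mapped:  " + (selector.select(known) == contexts.get("host-a")));
        System.out.println("host-c mapped:  " + (selector.select(unknown) == contexts.get("host-a")));
    }
}
```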
