On Wed, Jul 22, 2009 at 02:35:49PM +0530, Hiranya Jayathilaka wrote:
> Thanks Oleg. That pointed me in the right direction. To start with this is
> what I did.
>
> 1. I implemented a custom IOEventDispatch extending the
> SSLClientIOEventDispatch class
> 2. In the createSSLIOSession method I used the session attributes (remote
> hostname etc) to lookup a map and select one of several existing SSLContext
> objects (SSLContext objects are initialized at startup and stored in a map)
> 3. I used the selected SSLContext to create the SSLIOSession object
>
> This seems to be working fine. What do you think about this approach? Can
> there be any situations where this may not work.
>
> Thanks,
> Hiranya
>
Hi Hiranya,

Sounds reasonable. I cannot see any potential issues.

Oleg

>
> On Wed, Jul 22, 2009 at 2:22 PM, Oleg Kalnichevski <[email protected]> wrote:
>
> > On Wed, Jul 22, 2009 at 10:39:15AM +0530, Hiranya Jayathilaka wrote:
> > > Hi Devs,
> > >
> > > I'm working on Apache Synapse which uses HTTP Core NIO. Currently our HTTPS
> > > transport makes use of one SSL context (initialized from a
> > > keystore/truststore pair). We want to extend that to support multiple SSL
> > > contexts. For example when Synapse connects to server A it will use one SSL
> > > context and when it connects to server B it will use another SSL context.
> > >
> > > I did an initial implementation of the above feature using multiple
> > > IOReactors (ConnectingIOReactor implementations) where each IOReactor is
> > > associated with its own IOEventDispatch and this solution works fine.
> > > However it would be great if we can do this without using multiple
> > > IOReactors. Is this achievable? What is the best way to handle multiple SSL
> > > contexts with HTTP Core?
> > >
> >
> > Hiranya,
> >
> > I do not think multiple IOReactors are needed. One can use a custom
> > IOEventDispatch in order to set up SSL contexts for outgoing connections on a
> > case by case basis.
> >
> > Something along this line:
> >
> > public class MySSLClientIOEventDispatch implements IOEventDispatch {
> >
> >     ...
> >
> >     public void connected(final IOSession session) {
> >
> >         SSLContext sslContext;
> >
> >         InetSocketAddress remoteAddress = (InetSocketAddress)
> >             session.getRemoteAddress();
> >         String hostname = remoteAddress.getHostName();
> >
> >         if (hostname.equalsIgnoreCase("host-a")) {
> >             sslContext = SSLContext.getInstance("SSLv2");
> >             sslContext.init(null, null, null);
> >         } else if (hostname.equalsIgnoreCase("host-b")) {
> >             sslContext = SSLContext.getInstance("SSLv3");
> >             sslContext.init(null, null, null);
> >         } else {
> >             sslContext = SSLContext.getInstance("TLSv1");
> >             sslContext.init(null, null, null);
> >         }
> >
> >         SSLIOSession sslSession = new SSLIOSession(session, sslContext,
> >             this.sslHandler);
> >         ...
> >     }
> >
> > }
> >
> > One can provide additional configuration information to the dispatcher at the
> > construction time such as DNS hostname to keystore mapping (or DNS hostname to
> > cert alias mapping when using just one keystore).
> >
> > Hope this helps
> >
> > Oleg
> >
> >
> > > Thanks,
> > > --
> > > Hiranya Jayathilaka
> > > Software Engineer;
> > > WSO2 Inc.; http://wso2.org
> > > E-mail: [email protected]; Mobile: +94 77 633 3491
> > > Blog: http://techfeast-hiranya.blogspot.com
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
>
>
> --
> Hiranya Jayathilaka
> Software Engineer;
> WSO2 Inc.; http://wso2.org
> E-mail: [email protected]; Mobile: +94 77 633 3491
> Blog: http://techfeast-hiranya.blogspot.com
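The hostname-to-keystore mapping and the startup map of SSLContext objects discussed in this thread can be sketched with plain JSSE as below. This is an added example, not code from the thread, Synapse or HttpCore; the class name HostSslContexts and its method names are hypothetical, and it requests the generic "TLS" protocol name.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: one SSLContext per remote host, built once at startup. */
public final class HostSslContexts {
    private final Map<String, SSLContext> byHost = new ConcurrentHashMap<>();
    private final SSLContext fallback;

    public HostSslContexts(SSLContext fallback) { this.fallback = fallback; }

    /** Registers key and trust material for one host; paths and password come from the caller. */
    public void register(String host, String keyStorePath, String trustStorePath, char[] password)
            throws GeneralSecurityException, IOException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, password), password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // Host names are case-insensitive, so store and look up in lower case.
        byHost.put(host.toLowerCase(Locale.ROOT), ctx);
    }

    /** Intended to be called from the dispatcher with session.getRemoteAddress(). */
    public SSLContext select(InetSocketAddress remote) {
        // getHostString() returns the name the address was created with and never
        // triggers a reverse DNS lookup, so the choice of trust material does not
        // depend on a PTR record that the remote side may control.
        String host = remote.getHostString().toLowerCase(Locale.ROOT);
        return byHost.getOrDefault(host, fallback);
    }

    private static KeyStore load(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }
}
```

If the remote address carries only an IP literal, select() finds no entry and returns the fallback context, so the fallback should hold the most restrictive trust store.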
