On Wed, 2013-02-27 at 17:10 +0530, Prasad Jeewantha wrote:
> Hi all,
> There is an SSL Certificate Verification feature (OCSP/CRL) I want to
> implement in Apache Synapse which uses http-core-nio project as a
> dependency. In Synapse when creating an *SSLContext* it takes
> *truststore.jks* and the *keystore.jks* as arguments. In the class
> *org.apache.http.impl.nio.reactor.SSLIOSession* it creates an *SSLEngine* from
> *sslContext.createSSLEngine(hostname, port)* method. When debugging Synapse
> I can see the TrustManagers and KeyManagers in SSLEngine. *Please tell me
> how the TrustManagers and KeyManagers are used in http-core-nio project*.

Jeewantha

HttpCore does not do anything special with regards to trust verification and authentication with a private key. It relies on the standard mechanisms provided by JSSE.

> I want to verify whether the root certificate in the Peer certificate chain
> is in the TrustStore. I am not sure whether this is already implemented.
> Thanks in advance.
> Jeewantha.
>

Standard JSSE trust manager considers a certificate chain trusted if at least one cert in the chain is trusted. It does not have to be the root cert. If you are absolutely sure that you have to verify validity of the root cert, you should implement a custom TrustManager and use it instead of the default implementation.

Hope this helps

Oleg
