Hi, Asankha,

In about two hours I will release version 0.3.7 of "not-yet-commons-ssl":
http://juliusdavies.ca/commons-ssl/

The new version will include the ability to get the SSLContext object. It also includes several HostnameVerifier implementations to play with, but you'll have to call that hostname verification explicitly yourself with the X509Certificate you extracted from your SSL session.

Here's how it will look:

=========================================
SSLClient client = new SSLClient();

// Let's trust usual "cacerts" that come with Java.  Plus, let's also trust a self-signed cert
// we know of.  We have some additional certs to trust inside a java keystore file.
client.addTrustMaterial( TrustMaterial.DEFAULT );
client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks", "changeit".toCharArray() ) );

// To be different, let's allow for expired certificates (not recommended).
client.setCheckExpiry( false );  // default setting is "true" for SSLClient
client.setCheckCRL( true );      // default setting is "true" for SSLClient

// Let's load a client certificate (max: 1 per SSLClient instance).
client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx", "secret".toCharArray() ) );

// Get the SSLContext object to feed into the SSL-NIO module:
SSLContext context = client.getSSLContext();

// [later....]
String hostname = "mydomain.com";
X509Certificate cert = extractFromSSLSession(); // however you do that

// It will throw an SSLException if verification fails.
HostnameVerifier.DEFAULT.check( hostname, cert );
=========================================

yours,

Julius

On 2/22/07, Asankha C. Perera <[EMAIL PROTECTED]> wrote:
Hi

I have integrated the NIO SSL module with Apache Synapse and things work great!

My questions are on how one should perform hostname verification and client authentication when using the niossl module. Would someone be able to let me know how I could do this?

thanks
asankha

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
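
The message above leaves extractFromSSLSession() open. As an added example (not part of the original e-mail and not not-yet-commons-ssl code), here is one way to take the peer certificate from an SSLSession and match it against the expected hostname using only JDK classes. The class PeerHostnameCheck and its method names are hypothetical, and the sketch assumes only subjectAltName dNSName entries are consulted, with no fallback to the subject CN.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical helper: class and method names are illustrative, JDK APIs only.
public class PeerHostnameCheck {
    // Leaf certificate is element 0 of the peer chain; call after the handshake completes.
    static X509Certificate leafOf(SSLSession session) throws SSLPeerUnverifiedException {
        return (X509Certificate) session.getPeerCertificates()[0];
    }

    // Collect subjectAltName entries of type dNSName (GeneralName tag 2).
    static List<String> dnsNames(X509Certificate cert) throws CertificateParsingException {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return names;
        for (List<?> san : sans) {
            if (((Integer) san.get(0)) == 2) names.add((String) san.get(1));
        }
        return names;
    }

    // Case-insensitive match. A leading "*." covers exactly one leftmost label,
    // and the wildcard pattern must keep at least two labels after it.
    static boolean matches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT), p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return h.equals(p);
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1)) && p.indexOf('.', 2) > 0;
    }

    // Throws SSLException when no dNSName entry of the peer's leaf matches host.
    static void check(String host, SSLSession session) throws SSLException, CertificateParsingException {
        for (String name : dnsNames(leafOf(session)))
            if (matches(host, name)) return;
        throw new SSLException("certificate does not match host: " + host);
    }

    public static void main(String[] args) {
        // Constructed sample names: exercise the matcher without a live SSL session.
        System.out.println(matches("www.mydomain.com", "*.mydomain.com") + " "
            + matches("a.b.mydomain.com", "*.mydomain.com") + " " + matches("mydomain.com", "*.com"));
    }
}
```

With an SSLEngine, pass sslEngine.getSession() to check() once the handshake status is FINISHED. On Java 7 and later, calling setEndpointIdentificationAlgorithm("HTTPS") on the engine's SSLParameters makes the JDK perform this check during the handshake.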
