> >
> > If anyone has a strong objection to this new compile-time dependency, we
> > could roll-back quite easily, or find a clean way to refactor it so that
> > if you don't want HTTPS support you don't need JSSE.
> Actually, I have. JSSE is extremely annoying to download, and can't be
> redistributed either. So I think we should use some pluggable socket
> factories instead (with a compilation switch).
I agree that JSSE is an inconvenient download, but it is available in both
export and US/Canada-only strength versions. As a standard java extension
(i.e, a javax.* package), Sun is encouraging other implementations to be
developed and made available (there may be some now, I haven't looked).
Isn't JSSE a "pluggable socket factory" already? If you see a clean way to
way to do the "compilation switch", let's do it. One alternative I
considered is simply to use the reflection API so you don't need the classes
to compile, but that seemed a bit much, but I guess it's doable. There's
really only a couple of lines that change.
