Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Mark Thomas wrote:
Filip Hanik - Dev Lists wrote:
Bill Barker wrote:
I'm for removing support for PureTLS, since it is largely
unmaintained at the moment. But the abstraction is usefull to be
able to support SSL providers (e.g. Mozilla meantioned above) that
don't implement JSSE. It wasn't about getting removing it from the
NIO Connecter, just making the signature not depend on JSSE. So for
JSSE, something like:
public SSLSupport getNioSSLSupport(Socket sock) {
return factory.getSSLSupport(((SSLSocket)sock).getSession());
}
I guess what I'm confused about is the signature change and the name
of the method.
With NIO there is no such thing as an SSLSocket, but the method name
indicates that the method is used only for NIO.
With NIO you have access to the SSLSession, through the SSLEngine.
The concept of SSLSocket doesn't exist, since the
encryption/decryption happens outside of the realm of sockets.
There appears to be general agreement on removing the TLS stuff. I'll
get that done.
Re the abstraction, I have done some background reading and our
current socket based SSL abstraction just won't work for NIO.
Option 1 is to provide an NIO compatible transport independent SSL
abstraction, an implementation of the abstraction using JSSE and
re-write the NIO (and possibly the BIO) connector to use it. However,
this would be a lot of work for little gain.
Given that the NIO connector is hard coded to use JSSE anyway, options
2 is to modify the NIO connector to go straight to the JSSE
implementation, bypassing the abstraction. That would enable the JSSE
specific code to be removed from the abstraction, allowing other
non-JSSE socket based SSL implementations for the BIO connector should
anyone feel so inclined. At a later point if someone has an itch to
implement option 1 then there would be nothing stopping them.
I'll start working up a patch - it should be simple. Thoughts?
yes, have it go to JSSE directly, I doubt that will change anytime soon
anyway.
Filip
Mark
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Filip Hanik - Dev Lists wrote:
Bill Barker wrote:
I'm for removing support for PureTLS, since it is largely unmaintained
at the moment. But the abstraction is usefull to be able to support
SSL providers (e.g. Mozilla meantioned above) that don't implement
JSSE. It wasn't about getting removing it from the NIO Connecter,
just making the signature not depend on JSSE. So for JSSE, something
like:
public SSLSupport getNioSSLSupport(Socket sock) {
return factory.getSSLSupport(((SSLSocket)sock).getSession());
}
I guess what I'm confused about is the signature change and the name of
the method.
With NIO there is no such thing as an SSLSocket, but the method name
indicates that the method is used only for NIO.
With NIO you have access to the SSLSession, through the SSLEngine. The
concept of SSLSocket doesn't exist, since the encryption/decryption
happens outside of the realm of sockets.
There appears to be general agreement on removing the TLS stuff. I'll get
that done.
Re the abstraction, I have done some background reading and our current
socket based SSL abstraction just won't work for NIO.
Option 1 is to provide an NIO compatible transport independent SSL
abstraction, an implementation of the abstraction using JSSE and re-write
the NIO (and possibly the BIO) connector to use it. However, this would be
a lot of work for little gain.
Given that the NIO connector is hard coded to use JSSE anyway, options 2 is
to modify the NIO connector to go straight to the JSSE implementation,
bypassing the abstraction. That would enable the JSSE specific code to be
removed from the abstraction, allowing other non-JSSE socket based SSL
implementations for the BIO connector should anyone feel so inclined. At a
later point if someone has an itch to implement option 1 then there would
be nothing stopping them.
I'll start working up a patch - it should be simple. Thoughts?
Mark
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Bill Barker wrote:
"Filip Hanik - Dev Lists" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Bill Barker wrote:
"Mark Thomas" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Author: markt
Date: Tue Jan 29 13:18:25 2008
New Revision: 616522
URL: http://svn.apache.org/viewvc?rev=616522&view=rev
Log:
Tab police. No function change
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
Before I spend any more time looking at
http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in
thinking that PureTLS has never been part of of the TC6 build and that I
could just remove these four files instead?
If we do want to keep PureTLS support the main problem appears to be
http://svn.apache.org/viewvc?view=rev&revision=428884 which added a JSSE
dependency into o.a.t.util.net.SSLImplementation
As far as I can tell, PureTLS doesn't support nio anyway so...
Thoughts?
I remember that there was talk of removing PureTLS support. The PureTLS
library isn't actively developed anymore (some security fixes, but not
much else), and it still depends on a hacked version of Cryptix. But
nobody has stepped up to actually remove it.
That having been said, I'd prefer to remove the JSSE dependancy from
SSLImplementation, since it makes it nearly impossible to develop a
non-JSSE SSLImplementation (e.g. I there was talk of developing one for
Mozilla's SSL stack, but nothing ever happened). Without having thought
it out much, something like changing
abstract public SSLSupport getSSLSupport(SSLSession session);
to
abstract public SSLSupport getNioSSLSupport(Socket sock);
if we are gonna remove it, why remove it only for one connector. The code
used is the same by both the BIO and the NIO connector
not sure we need the abstraction at all
I'm for removing support for PureTLS, since it is largely unmaintained at
the moment. But the abstraction is usefull to be able to support SSL
providers (e.g. Mozilla meantioned above) that don't implement JSSE. It
wasn't about getting removing it from the NIO Connecter, just making the
signature not depend on JSSE. So for JSSE, something like:
public SSLSupport getNioSSLSupport(Socket sock) {
return factory.getSSLSupport(((SSLSocket)sock).getSession());
}
I guess what I'm confused about is the signature change and the name of
the method.
With NIO there is no such thing as an SSLSocket, but the method name
indicates that the method is used only for NIO.
With NIO you have access to the SSLSession, through the SSLEngine. The
concept of SSLSocket doesn't exist, since the encryption/decryption
happens outside of the realm of sockets.
Filip
I just prefer to keep where we have plug-in structure such as here, that we
don't just throw it away in favor of only supporting Sun's solution.
In the JSSE case, you can get the SSLSession from the Socket, so it would
be a small change to the existing code.
same code can be reused for both connectors.
Filip
Mark
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
+1,
I think the PureTLS support is not usefull anymore, but the proposed
API change looks well.
Peter
Am 30.01.2008 um 06:16 schrieb Bill Barker:
"Filip Hanik - Dev Lists" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Bill Barker wrote:
"Mark Thomas" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Author: markt
Date: Tue Jan 29 13:18:25 2008
New Revision: 616522
URL: http://svn.apache.org/viewvc?rev=616522&view=rev
Log:
Tab police. No function change
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/
PureTLSImplementation.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/
PureTLSSocket.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/
PureTLSSocketFactory.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/
PureTLSSupport.java
Before I spend any more time looking at
http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I
correct in
thinking that PureTLS has never been part of of the TC6 build
and that I
could just remove these four files instead?
If we do want to keep PureTLS support the main problem appears
to be
http://svn.apache.org/viewvc?view=rev&revision=428884 which
added a JSSE
dependency into o.a.t.util.net.SSLImplementation
As far as I can tell, PureTLS doesn't support nio anyway so...
Thoughts?
I remember that there was talk of removing PureTLS support. The
PureTLS
library isn't actively developed anymore (some security fixes,
but not
much else), and it still depends on a hacked version of Cryptix.
But
nobody has stepped up to actually remove it.
That having been said, I'd prefer to remove the JSSE dependancy from
SSLImplementation, since it makes it nearly impossible to develop a
non-JSSE SSLImplementation (e.g. I there was talk of developing
one for
Mozilla's SSL stack, but nothing ever happened). Without having
thought
it out much, something like changing
abstract public SSLSupport getSSLSupport(SSLSession session);
to
abstract public SSLSupport getNioSSLSupport(Socket sock);
if we are gonna remove it, why remove it only for one connector.
The code
used is the same by both the BIO and the NIO connector
not sure we need the abstraction at all
I'm for removing support for PureTLS, since it is largely
unmaintained at
the moment. But the abstraction is usefull to be able to support SSL
providers (e.g. Mozilla meantioned above) that don't implement
JSSE. It
wasn't about getting removing it from the NIO Connecter, just
making the
signature not depend on JSSE. So for JSSE, something like:
public SSLSupport getNioSSLSupport(Socket sock) {
return factory.getSSLSupport(((SSLSocket)sock).getSession());
}
I just prefer to keep where we have plug-in structure such as
here, that we
don't just throw it away in favor of only supporting Sun's solution.
In the JSSE case, you can get the SSLSession from the Socket, so
it would
be a small change to the existing code.
same code can be reused for both connectors.
Filip
Mark
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
"Filip Hanik - Dev Lists" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Bill Barker wrote:
>> "Mark Thomas" <[EMAIL PROTECTED]> wrote in message
>> news:[EMAIL PROTECTED]
>>
>>> [EMAIL PROTECTED] wrote:
>>>
Author: markt
Date: Tue Jan 29 13:18:25 2008
New Revision: 616522
URL: http://svn.apache.org/viewvc?rev=616522&view=rev
Log:
Tab police. No function change
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
>>> Before I spend any more time looking at
>>> http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in
>>> thinking that PureTLS has never been part of of the TC6 build and that I
>>> could just remove these four files instead?
>>>
>>> If we do want to keep PureTLS support the main problem appears to be
>>> http://svn.apache.org/viewvc?view=rev&revision=428884 which added a JSSE
>>> dependency into o.a.t.util.net.SSLImplementation
>>>
>>> As far as I can tell, PureTLS doesn't support nio anyway so...
>>>
>>> Thoughts?
>>>
>>>
>>
>> I remember that there was talk of removing PureTLS support. The PureTLS
>> library isn't actively developed anymore (some security fixes, but not
>> much else), and it still depends on a hacked version of Cryptix. But
>> nobody has stepped up to actually remove it.
>>
>> That having been said, I'd prefer to remove the JSSE dependancy from
>> SSLImplementation, since it makes it nearly impossible to develop a
>> non-JSSE SSLImplementation (e.g. I there was talk of developing one for
>> Mozilla's SSL stack, but nothing ever happened). Without having thought
>> it out much, something like changing
>>abstract public SSLSupport getSSLSupport(SSLSession session);
>> to
>>abstract public SSLSupport getNioSSLSupport(Socket sock);
>>
> if we are gonna remove it, why remove it only for one connector. The code
> used is the same by both the BIO and the NIO connector
> not sure we need the abstraction at all
>
I'm for removing support for PureTLS, since it is largely unmaintained at
the moment. But the abstraction is usefull to be able to support SSL
providers (e.g. Mozilla meantioned above) that don't implement JSSE. It
wasn't about getting removing it from the NIO Connecter, just making the
signature not depend on JSSE. So for JSSE, something like:
public SSLSupport getNioSSLSupport(Socket sock) {
return factory.getSSLSupport(((SSLSocket)sock).getSession());
}
I just prefer to keep where we have plug-in structure such as here, that we
don't just throw it away in favor of only supporting Sun's solution.
>
>> In the JSSE case, you can get the SSLSession from the Socket, so it would
>> be a small change to the existing code.
>>
> same code can be reused for both connectors.
>
> Filip
>>
>>> Mark
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Bill Barker wrote: "Mark Thomas" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Author: markt Date: Tue Jan 29 13:18:25 2008 New Revision: 616522 URL: http://svn.apache.org/viewvc?rev=616522&view=rev Log: Tab police. No function change Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java Before I spend any more time looking at http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in thinking that PureTLS has never been part of of the TC6 build and that I could just remove these four files instead? If we do want to keep PureTLS support the main problem appears to be http://svn.apache.org/viewvc?view=rev&revision=428884 which added a JSSE dependency into o.a.t.util.net.SSLImplementation As far as I can tell, PureTLS doesn't support nio anyway so... Thoughts? I remember that there was talk of removing PureTLS support. The PureTLS library isn't actively developed anymore (some security fixes, but not much else), and it still depends on a hacked version of Cryptix. But nobody has stepped up to actually remove it. That having been said, I'd prefer to remove the JSSE dependancy from SSLImplementation, since it makes it nearly impossible to develop a non-JSSE SSLImplementation (e.g. I there was talk of developing one for Mozilla's SSL stack, but nothing ever happened). Without having thought it out much, something like changing abstract public SSLSupport getSSLSupport(SSLSession session); to abstract public SSLSupport getNioSSLSupport(Socket sock); if we are gonna remove it, why remove it only for one connector. The code used is the same by both the BIO and the NIO connector not sure we need the abstraction at all In the JSSE case, you can get the SSLSession from the Socket, so it would be a small change to the existing code. same code can be reused for both connectors. Filip Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
"Mark Thomas" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > [EMAIL PROTECTED] wrote: >> Author: markt >> Date: Tue Jan 29 13:18:25 2008 >> New Revision: 616522 >> >> URL: http://svn.apache.org/viewvc?rev=616522&view=rev >> Log: >> Tab police. No function change >> >> Modified: >> >> tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java >> >> tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java >> >> tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java >> >> tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java > > Before I spend any more time looking at > http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in > thinking that PureTLS has never been part of of the TC6 build and that I > could just remove these four files instead? > > If we do want to keep PureTLS support the main problem appears to be > http://svn.apache.org/viewvc?view=rev&revision=428884 which added a JSSE > dependency into o.a.t.util.net.SSLImplementation > > As far as I can tell, PureTLS doesn't support nio anyway so... > > Thoughts? > I remember that there was talk of removing PureTLS support. The PureTLS library isn't actively developed anymore (some security fixes, but not much else), and it still depends on a hacked version of Cryptix. But nobody has stepped up to actually remove it. That having been said, I'd prefer to remove the JSSE dependancy from SSLImplementation, since it makes it nearly impossible to develop a non-JSSE SSLImplementation (e.g. I there was talk of developing one for Mozilla's SSL stack, but nothing ever happened). Without having thought it out much, something like changing abstract public SSLSupport getSSLSupport(SSLSession session); to abstract public SSLSupport getNioSSLSupport(Socket sock); In the JSSE case, you can get the SSLSession from the Socket, so it would be a small change to the existing code. > Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
[EMAIL PROTECTED] wrote: Author: markt Date: Tue Jan 29 13:18:25 2008 New Revision: 616522 URL: http://svn.apache.org/viewvc?rev=616522&view=rev Log: Tab police. No function change Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java Before I spend any more time looking at http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in thinking that PureTLS has never been part of of the TC6 build and that I could just remove these four files instead? If we do want to keep PureTLS support the main problem appears to be http://svn.apache.org/viewvc?view=rev&revision=428884 which added a JSSE dependency into o.a.t.util.net.SSLImplementation As far as I can tell, PureTLS doesn't support nio anyway so... Thoughts? Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Author: markt
Date: Tue Jan 29 13:18:25 2008
New Revision: 616522
URL: http://svn.apache.org/viewvc?rev=616522&view=rev
Log:
Tab police. No function change
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java?rev=616522&r1=616521&r2=616522&view=diff
==
---
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
Tue Jan 29 13:18:25 2008
@@ -35,8 +35,8 @@
public class PureTLSImplementation extends SSLImplementation
{
public PureTLSImplementation() throws ClassNotFoundException {
- // Check to see if PureTLS is floating around somewhere
- Class.forName("COM.claymoresystems.ptls.SSLContext");
+// Check to see if PureTLS is floating around somewhere
+Class.forName("COM.claymoresystems.ptls.SSLContext");
}
public String getImplementationName(){
@@ -45,12 +45,12 @@
public ServerSocketFactory getServerSocketFactory()
{
- return new PureTLSSocketFactory();
+return new PureTLSSocketFactory();
}
public SSLSupport getSSLSupport(Socket s)
{
- return new PureTLSSupport((SSLSocket)s);
+return new PureTLSSupport((SSLSocket)s);
}
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java?rev=616522&r1=616521&r2=616522&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java Tue
Jan 29 13:18:25 2008
@@ -37,7 +37,7 @@
// constructor since this class is only used with
// implAccept
public PureTLSSocket() throws IOException {
- super();
+super();
}
}
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java?rev=616522&r1=616521&r2=616522&view=diff
==
---
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
Tue Jan 29 13:18:25 2008
@@ -44,7 +44,7 @@
extends org.apache.tomcat.util.net.ServerSocketFactory
{
static org.apache.commons.logging.Log logger =
-
org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class);
+
org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class);
static String defaultProtocol = "TLS";
static boolean defaultClientAuth = false;
static String defaultKeyStoreFile = "server.pem";
@@ -58,71 +58,71 @@
}
public ServerSocket createSocket(int port)
- throws IOException
+throws IOException
{
- init();
- return new SSLServerSocket(context,port);
+init();
+return new SSLServerSocket(context,port);
}
public ServerSocket createSocket(int port, int backlog)
- throws IOException
+throws IOException
{
- init();
- ServerSocket tmp;
-
- try {
- tmp=new SSLServerSocket(context,port,backlog);
- }
- catch (IOException e){
- throw e;
- }
- return tmp;
+init();
+ServerSocket tmp;
+
+try {
+tmp=new SSLServerSocket(context,port,backlog);
+}
+catch (IOException e){
+throw e;
+}
+return tmp;
}
public ServerSocket createSocket(int port, int backlog,
-InetAddress ifAddress)
- throws IOException
+ InetAddress ifAddress)
+throws IOException
{
- init();
- return new SSLServerSocket(context,port,backlog,ifAddress);
+init();
+return new SSLServerSocket(context,port,backlog,ifAddress);
}
private void init()
- throws IOException
+throws IOException
{
- if(context!=null)
- return;
-
- boolean clientAuth=defaultClientAuth;
-
- try {
- S
