At 17:28 23/8/01 -0600, Christopher Cain wrote:
>Wolfgang Hoschek wrote:
> >
> > Sorry, I am posting to tomcat-dev although not subscribed...
> >
> > Two suggestions:
> >
> > - Perhaps it is a good idea to also describe in the SSL HOWTO ways to
> > configure SSL without stuffing libs into jre/lib/ext. Some sites run
> > multiple versions/vendors of jdks, TC, JSSE, et al from (secure) read-only
> > shared file systems. In such an environment products and versions are
> > delibarately kept separate from each other in order to avoid having to
> > maintain countless permutations. Startup scripts "link" everything together
> > via env vars. This is also convenient to test different permutations. The
> > jre/lib/ext mechanism is not an option, due too the read-only nature.
>
>Hmmm ... that's interesting. It's true that the JSSE libs don't
>necessarily have to be an installed extension, and it's easy enough to
>include a quick phrase about the classpath instead. I'm reluctant to
>encourage users to put them into the internal Tomcat classloader
>directories, since that is a rather sketchy configuration (someone will
>eventually add JSSE to the classpath as well, which will cause Tomcat to
>fail on startup unless the internal versions are removed).
>
>So in your environment, it sounds like you would be simply specifying
>the JSSE jars in classpath passed to TC, yes?
Exactly.
