On 7 Jun 2002, Eric Rescorla wrote:
> Date: 07 Jun 2002 08:47:23 -0700
> From: Eric Rescorla <[EMAIL PROTECTED]>
> Reply-To: Tomcat Developers List <[EMAIL PROTECTED]>,
> EKR <[EMAIL PROTECTED]>
> To: Tomcat Developers List <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: Required jar/rpms to build tomcat 4.1.3b1
>
> "GOMEZ Henri" <[EMAIL PROTECTED]> writes:
>
> > >> PureTLS ? Not yet in TC 4.x ...
> > >
> > >4.1 uses coyote which uses tomcat-utils, which works fine with
> > >pureTLS.
> > >I assume it's just undocumented, I don't see a code
> > >problem ( with the coyote connector ).
> > >
> >
> > Hum, JSSE is still required in part of the code, outside HTTP
> > connector world.
> >
> > org.apache.catalina.net.SSLServerSocketFactory require JSSE.
> >
> > JCERT is needed by org.apache.catalina.valves.CertificatesValve.
> Well, Ant is smart enough to not try to build these if you
> don't have JSSE. I'm still not completely clear on the circumstances
> in which these classes would get used.
>
CertificatesValve is used to fulfill the Servlet API requirement that the
certificate chain supplied by the client is exposed as a request attribute
(also the cipher suite and key size in Servlet 2.3). Currently, it's hard
coded to JSSE (including having to perform the type conversion from
javax.security.cert.X509Certificate (supplied by JSSE) to
java.security.cert.X509Certificate (requird by the Servlet API).
For PureTLS, we'd need to provide these request attributes via some other
mechanism -- perhaps by plugging in a PureTLS-specific version of this
class, or by making this class smart enough to use introspection for
whichever type of SSL support is available.
> In any case, the future we're moving toward will be all Coyote
> in which case you won't need these classes at all. Is that your
> understanding as well?
>
> -Ekr
>
> --
> [Eric Rescorla [EMAIL PROTECTED]]
> http://www.rtfm.com/
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
Craig McClanahan
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
