"Craig R. McClanahan" <[EMAIL PROTECTED]> writes: > CertificatesValve is used to fulfill the Servlet API requirement that the > certificate chain supplied by the client is exposed as a request attribute > (also the cipher suite and key size in Servlet 2.3). Currently, it's hard > coded to JSSE (including having to perform the type conversion from > javax.security.cert.X509Certificate (supplied by JSSE) to > java.security.cert.X509Certificate (requird by the Servlet API). > > For PureTLS, we'd need to provide these request attributes via some other > mechanism -- perhaps by plugging in a PureTLS-specific version of this > class, or by making this class smart enough to use introspection for > whichever type of SSL support is available.
Craig, When we're using Coyote, these attributes are set in HttpProcessor.action(ACTION_REQ_SSL_ATTRIBUTE). This code calls the sslSupport class which automatically translates from the underlying implementation to a vector j.s.c.X509Certificate. The actual translators live in o.a.t.u.net.{JSSE,PureTLS}Support. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/ -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>