"Craig R. McClanahan" <[EMAIL PROTECTED]> writes:
> CertificatesValve is used to fulfill the Servlet API requirement that the
> certificate chain supplied by the client is exposed as a request attribute
> (also the cipher suite and key size in Servlet 2.3). Currently, it's hard
> coded to JSSE (including having to perform the type conversion from
> javax.security.cert.X509Certificate (supplied by JSSE) to
> java.security.cert.X509Certificate (requird by the Servlet API).
>
> For PureTLS, we'd need to provide these request attributes via some other
> mechanism -- perhaps by plugging in a PureTLS-specific version of this
> class, or by making this class smart enough to use introspection for
> whichever type of SSL support is available.
Craig,
When we're using Coyote, these attributes are set in
HttpProcessor.action(ACTION_REQ_SSL_ATTRIBUTE).
This code calls the sslSupport class which automatically translates
from the underlying implementation to a vector j.s.c.X509Certificate.
The actual translators live in o.a.t.u.net.{JSSE,PureTLS}Support.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
