>
cc'ing Alan Bateman, the leader of NIO 2.
>>>
>>> Can you describe what you need to create inside the
>>> createSSLContext()?
>> Currently, for unit test, it looks like that:
>> private SSLContext createSSLContext() {
>> SSLContextConfigurator sslContextConfigurator =
>> new SSLContextConfigurator();
>> ClassLoader cl = getClass().getClassLoader();
>> // override system properties
>> URL cacertsUrl = cl.getResource("ssltest-cacerts.jks");
>> if (cacertsUrl != null) {
>>
>> sslContextConfigurator.setTrustStoreFile(cacertsUrl.getFile());
>> }
>> // override system properties
>> URL keystoreUrl = cl.getResource("ssltest-keystore.jks");
>> if (keystoreUrl != null) {
>>
>> sslContextConfigurator.setKeyStoreFile(keystoreUrl.getFile());
>> }
>> return sslContextConfigurator.createSSLContext();
>> }
>> There could be different ways to create SSLContext... Grizzly 2.0
>> just has a helper class SSLContextConfigurator, which makes
>> SSLContext initialization easier.
>
> Just out of curiosity, have you tried to talk to the JDK 7 team to
> see if this sort of class could be part of the JRE? I've done a
> similar interface (and classes) which I've called SSLContextFactory
> in jSSLutils [1] to help with configuring SSLContexts, in particular
> to configure the CRLs more easily and to be able to tweak the
> TrustManagers. (By the way, this is already in use with the Grizzly
> connector in Restlet.)
> I mentioned this SSLContextFactory on the OpenJDK security mailing
> list a few months ago, but I haven't had much feedback. (I
> understand that they probably have other priorities, and this is not
> an emergency indeed.)
Interesting question.
Alan, are you planning to improve SSL support, make it easier to
configure for NIO 2?
Thank you.
WBR,
Alexey.
>
>
> Best wishes,
>
> Bruno.
>
> [1] http://www.jsslutils.org/
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_grizzly.dev.java.net
> For additional commands, e-mail: dev-help_at_grizzly.dev.java.net
>