Salut,
Bruno Harbulot wrote:
> Hello,
>
> Jeanfrancois Arcand wrote:
>
>>>> I'm was recently looking at GWS and its HTTPS support.
>>>> I found out that user can start GWS configured to serve HTTPS
>>>> without SSLConfig.
>>>> This renders service unusable.
>>> We can try to use some "default" SSLConfig, which reads SSL
>>> configuration from System properties.
>>>
>>>> What do you think of deprecating constructor with boolean secure
>>>> parameter and creating one that would require SSLConfig?
>>> IMHO it could be even more clear, if we can split GrizzlyWebServer
>>> implementation into two: Secure and non-Secure.
>
>
> Perhaps this thread on glassfish-dev might be of interest [1]. (I've
> just posted something about it a few minutes ago, but my e-mail doesn't
> seem to have arrived yet).
>
>
>> Hum :-) I would think it is much simpler to have a single entry point.
>> A default SSLConfig is probably what we want (JDK 7 will add that
>> features).
>
> I'm surprised. This looks similar to an SSLContext factory, which I
> tried to suggest a few months ago on the security-dev_at_openjdk list, and
> the conclusion was that this didn't really belong in the JRE [2].
Ok I think I might have missed something and probably I'm wrong. I will
dig my email to see from where I've got this information.
>
>
> Regarding SSLConfig, since I've already done some similar work for
> Tomcat [3], Jetty [4] and Restlet (including the Grizzly connector of
> Restlet, but that was easy enough because there was a setSSLContext
> already), I wouldn't mind helping here.
Your help is more that wanted. Hubert has made some work available
yesterday via:
https://grizzly.dev.java.net/issues/show_bug.cgi?id=494
Maybe you can take a look and recommend?
These issues in these other
> projects were about SSLContexts that are not file-based (nor
> inputstream-based), such as PKCS#11 tokens and Apple's KeychainStore. In
> fact, this work was one of reasons for me to package these utilities
> (especially SSLContextFactory) as jSSLutils [5].
I see. I would really like to see you feedback on the current exercise
to avoid the same issue you fixed with other container. Fixing issue 508
would be great as well :-)
Thanks
-- Jeanfrancois
>
>
> Best wishes,
>
> Bruno.
>
>
>
> [1]
> https://glassfish.dev.java.net/servlets/BrowseList?list=dev&by=thread&from=1661989
>
> [2]
> http://mail.openjdk.java.net/pipermail/security-dev/2009-January/000509.html
>
> [3] https://issues.apache.org/bugzilla/show_bug.cgi?id=43094
> [4] http://jira.codehaus.org/browse/JETTY-456
> [5]
> http://code.google.com/p/jsslutils/source/browse/trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/SSLContextFactory.java
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_grizzly.dev.java.net
> For additional commands, e-mail: dev-help_at_grizzly.dev.java.net
>