Can you please share the code (via GitHub?)
Thanks.
WBR,
Alexey.
On 04.02.15 18:46, Lee You wrote:
> Thank you Alexey,
>
> I coded a custom KeyManager and, luckily, it works.
>
> But when I tried to code a custom TrustManager, it failed. Then I
> changed back to the original way (using the TrustStore file only):
> 1) serverSslContext.setTrustStoreFile(..) , .setTrustStorePass(…),
>
> 2) context = serverSslContext.createSSLContext();
>
> 3) new SSLEngineConfigurator(context, false, false, false);
>
> it still failed. Is there something I missed?
>
> *** the .crt was imported into the TrustStore and the browser trusted it
> already ***
>
> Thanks
> Lee
>
>
>
> <quote author='oleksiys'>
> Hi Lee,
>
> did you try to create SSLContext with custom KeyStores and then pass the
> SSLContext to SSLEngineConfigurator?
>
> SSLEngineConfigurator configurator = new
> SSLEngineConfigurator(sslContext, false, ....);
>
> In the custom KeyManager implementation (for example, you can extend
> X509ExtendedKeyManager), you can choose the alias for the SSLEngine
> before the handshake happens.
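> // Called before the handshake; return the key alias this SSLEngine should use.
> @Override
> public String chooseEngineServerAlias(String string,
>         Principal[] prncpls, SSLEngine ssle) {
>     return null; // placeholder: return the chosen server alias
> }
>
> @Override
> public String chooseEngineClientAlias(String[] strings,
>         Principal[] prncpls, SSLEngine ssle) {
>     return null; // placeholder: return the chosen client alias
> }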
>
> Grizzly SNI Filter can pass the SNI information via
> sslEngine.getSession() attribute.
>
> Want to try that way?
>
> Thanks.
>
> WBR,
> Alexey.
>
>
>
> On 5 February 2015 at 15:37, Lee You <lee.y.y.you_at_gmail.com> wrote:
>
> Hi Alexey,
>
>
> I coded a custom KeyManager and, luckily, it works.
>
>
> But when I tried to code a custom TrustManager, it failed.
> And when I changed back to the original way (using the TrustStore
> file only) from your sample:
>
> 1)serverSslContext.setTrustStoreFile(..) , .setTrustStorePass(…),
>
> 2)context = serverSslContext.createSSLContext();
>
> 3)new SSLEngineConfigurator(context, false, false, false);
>
> it still failed. Is there something I missed?
>
>
> *** the .crt was imported in the TrustStore and the browser trusted
> it already ***
>
>
> Thanks
>
> Lee
>
>
>
> On 3 February 2015 at 21:25, Lee You <lee.y.y.you_at_gmail.com> wrote:
>
> Hi Alexey,
>
> Yes, that is true, a specific SSLEngine is needed before the
> SSL handshaking.
>
> To add an interface in
> SSLEngineConfigurator/SSLContextConfigurator/new class for
> supporting custom KeyManager is really a good idea, then we
> need not care about the keyStore anymore. And our Grizzly
> will be more flexible.
>
> If there is any sample for it that would be great!
>
> Thanks again!
> Lee
>
>
> >>>>>>>>>
> Hi Lee,
>
> if you could set the KeyManager for SSLEngineConfiguration
> would it help to solve the problem?
> What if inside the custom KeyManager you knew the SNI host of
> a specific SSLEngine (before starting handshake) - would it help?
>
> WBR,
> Alexey.
>
>
>
>
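An added example, not code from this thread or from Grizzly: a minimal SNI-aware X509ExtendedKeyManager along the lines suggested above. It reads the requested host with the standard JSSE `getHandshakeSession().getRequestedServerNames()` (Java 8+) instead of Grizzly's session attribute, whose key is not given in the thread; the class name `SniKeyManager` and the `aliasByHost` map are hypothetical.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.*;

/** Added example: chooses the server key alias from the SNI host name and delegates the rest. */
public final class SniKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate; // KeyManager built from the real KeyStore
    private final Map<String, String> aliasByHost; // hypothetical map: lower-case host -> key alias

    public SniKeyManager(X509ExtendedKeyManager delegate, Map<String, String> aliasByHost) {
        this.delegate = delegate;
        this.aliasByHost = aliasByHost;
    }

    @Override
    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        SSLSession session = engine.getHandshakeSession(); // non-null only while handshaking
        if (session instanceof ExtendedSSLSession) {
            for (SNIServerName name : ((ExtendedSSLSession) session).getRequestedServerNames()) {
                if (!(name instanceof SNIHostName)) continue;
                String host = ((SNIHostName) name).getAsciiName().toLowerCase(Locale.ROOT);
                String alias = aliasByHost.get(host);
                if (alias == null) continue;
                // The alias must exist and its key must fit the requested type ("RSA", "EC", ...).
                PrivateKey key = delegate.getPrivateKey(alias);
                return key != null && key.getAlgorithm().equals(keyType) ? alias : null;
            }
        }
        // No SNI extension or unmapped host: let the default KeyManager pick.
        return delegate.chooseEngineServerAlias(keyType, issuers, engine);
    }

    @Override
    public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return delegate.chooseEngineClientAlias(keyTypes, issuers, engine);
    }

    // Remaining X509KeyManager methods are plain delegation.
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return delegate.chooseClientAlias(t, i, s); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```

To use it, wrap the X509ExtendedKeyManager obtained from a KeyManagerFactory, pass the wrapper to `SSLContext.init(...)` together with the TrustManagers built from the trust store, and hand that SSLContext to `new SSLEngineConfigurator(context, false, false, false)` as in the thread.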