Re: [jetty-dev] NextProtoNego and OSGi
On 25.01.2013 19:30, Simone Bordet wrote:
> I am interested in how.
> Can you share the details ?
> Using a custom provider ?
So our own TLS implementation is done using a custom
SSLSocketFactory/SSLServerSocketFactory. It creates the
sockets/channels that you use and provides you with the necessary details
and the decrypted bytes. No low-level dealing with the SSLEngine is
necessary at all for proper NIO.
The benefit of this stack is that it allows us to speak to the German
passport which requires some extensions/features that aren't available
in the JRE implementation. Additionally, the implementation is very
light compared to the JRE implementation in terms of object creation,
etc. Thus, it also runs nicely on Android. We also have NPN.
We have an integration with Tomcat and I'm now also looking into
integrating with Jetty. I think the proper way to integrate it is to
provide our own ConnectionFactory, Connection and EndPoint types.
However, while researching other options yesterday I also found a custom
provider which provides NPN.
https://github.com/benmmurphy/ssl_npn/
https://github.com/benmmurphy/ssl_npn/commit/76b67e60e3654d6a9e090fb1af89cf52cb6a5837
The benefit is that the custom provider must not be available on the
boot classpath. However, it seems to duplicate quite a bit of code from
the JDK classes. There might be visibility constraints why classes must
be duplicated.
I wonder if it's possible to provide a custom Jetty provider in a
similar way to integrate with the existing functionality around
SslConnectionFactory and DecryptedEndPoint.
-Gunnar
--
Gunnar Wagenknecht
gunnar@xxxxxxxxxxxxxxx
http://wagenknecht.org/