Ability to set the SSLContext in the SSL connectors

looks handy,

any chance you could add a test case for this? perhaps using your jsslutils artifact as a test scoped dependency?

Here is a test case that uses jSSLutils: http://code.google.com/p/jsslutils/

There are 8 tests, being the permutations of SslSelectChannelConnector/SslSocketConnector, X509/PKIX(cert revocation enabled), Good/Bad(i.e. revoked) client certificate.

They keystores are the ones I put in the jsslutils tests. These 5 files should be copied into modules/server/jetty-ssl/src/test/resources/

http://jsslutils.googlecode.com/svn/trunk/dummy.jks
http://jsslutils.googlecode.com/svn/trunk/certificates/localhost.p12
http://jsslutils.googlecode.com/svn/trunk/certificates/newca.crl
http://jsslutils.googlecode.com/svn/trunk/certificates/testclient-r.p12
http://jsslutils.googlecode.com/svn/trunk/certificates/testclient.p12

In addition, for the tests using the SslSocketConnector, this patch has to be applied:

— a/modules/server/jetty/src/main/java/org/mortbay/io/bio/SocketEndPoint.java
+++ b/modules/server/jetty/src/main/java/org/mortbay/io/bio/SocketEndPoint.java
@@ -20,6 +20,8 @@ import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;

+import javax.net.ssl.SSLSocket;
+
import org.mortbay.io.Portable;

/**
@@ -57,7 +59,7 @@ public class SocketEndPoint extends StreamEndPoint
*/
public void close() throws IOException
{

• if (!_socket.isClosed() && !_socket.isOutputShutdown())
  + if (!_socket.isClosed() && !_socket.isOutputShutdown() && !(_socket instanceof SSLSocket))
  _socket.shutdownOutput();
  _socket.close();
  _in=null;

(I'll submit another issue for this problem.)

bruno,

I don't see the jsslutils in the maven2 repository yet, could you either point me at them or go through the process of getting them published into there?

http://maven.apache.org/guides/mini/guide-central-repository-upload.html

it will make your project so much easier to be consumed, I can't get the test case into the project otherwise. Also, your ok with the test case having the ASL2.0 attached to it when/if I put it svn, correct?

jesse

Jesse,

Thanks for the suggestion, you're right. I've just submitted an upload request: MAVENUPLOAD-2044. The bundle is available from http://jsslutils.googlecode.com/files/jsslutils-0.2-bundle.jar

I'm happy to put the test-case under ASL 2.0.

Because I've switched from Ant to Maven, I've moved the test-keystores and associated files in the repository. The URLs above no longer point to these files. Instead, they can be found in http://jsslutils.googlecode.com/svn/trunk/src/test/resources/certificates/ and http://jsslutils.googlecode.com/svn/trunk/src/test/resources/certificates/jks/

Cheers,

Bruno.

bruno

another option regarding those test keystores, they seem like the might be generally useful for multiple projects so it might be nice to publish a test artifact with those in them, see the remote-resources-plugin. Then I could just pull them down into the build's target directory and run your test case off of those.

something to consider.

I'll wait for the jsslutils to appear in the maven central repo and then look at getting all of this dropped into place

cheers!
jesse

Hi Jesse,

jsslutils 0.3 is now in the Maven central repository. In addition, the test keys/certificates are also the the repository. Here are the artifact descriptors:

 
<dependency>
        <groupId>com.googlecode.jsslutils</groupId>
        <artifactId>jsslutils</artifactId>
        <version>0.3</version>
</dependency>

 
<dependency>
        <groupId>com.googlecode.jsslutils</groupId>
        <artifactId>jsslutils-test-certificates</artifactId>
        <version>1.0</version>
</dependency>

In version 0.3, I've renamed newInitializedSSLContext into buildSSLContext (simply because it sounded better and shorter). If you can, it would be good to rename the calls in SSLContextTest.java. It would still work with the old name, but I've marked it as deprecated. (Sorry about that. I know it's bad practice to change the API, but I knew all the people who had downloaded it when I made the change, so I've been able to fix this.)

Regarding ASL 2.0 for SSLContextText, strictly speaking, some credit should also be given to the author of SSLEngineTest which was in the same package. I've borrowed a couple of methods from this test. Feel free to adjust this file as appropriate.

Cheers,

Bruno.

Hi Jesse,

No worries, here is a new patch that comprises the two previous patches I submitted. It works against revision 3394, includes the test cases. The test cases depends on jSSLutils 0.3 + associated test certificates, which I've added to the pom file.

I've started to document how to use it on the jSSLutils page (based on the message I posted to jetty-dev on 16/04/08). I'll add more examples, but this patch used with jSSLutils should be a relatively cheap way to use CRLs in Jetty.

Cheers,

Bruno.

applied to the trunk

thanks bruno!