-
1. Re: SSL Connection: load a new keystore at runtime
tom.elrod Apr 26, 2006 1:46 PM (in response to ente)Absolutely. Just enter it at http://jira.jboss.com under the JBossRemoting project and I'll assign it to a release.
-
2. Re: SSL Connection: load a new keystore at runtime
anil.saldhana Apr 26, 2006 1:52 PM (in response to ente)if somebody does System.setProperty on the jsse properties, wont they be picked at runtime?
-
3. Re: SSL Connection: load a new keystore at runtime
tom.elrod Apr 26, 2006 2:10 PM (in response to ente)Two ways to configure keystore properties within remoting. The first is to set the System property for jsse properties. I assume that once the ServerSocket or Socket has been created by the factory, changing these properties will not have any impact on these. The second way is to pass the info as config to remoting itself, where will create custom factory (using RemotingSSLSocketFactory). This allows changing config per client/server instance created (as jsse config is global per VM). For the custom factory (RemotingSSLSocketFactory), once a call like createSocket() is made, the keystore is loaded and can not be changed during runtime.
-
4. Re: SSL Connection: load a new keystore at runtime
tom.elrod Apr 26, 2006 2:11 PM (in response to ente)Assume the feature ente is asking for is related to this? Have not seen a jira issue come in on it yet though.
-
5. Re: SSL Connection: load a new keystore at runtime
ente Apr 27, 2006 3:41 AM (in response to ente)yes, it should be possible to use a new keystore after Connector.start() is done
-
7. Re: SSL Connection: load a new keystore at runtime
ente May 5, 2006 9:38 AM (in response to ente)it should also be possible to adjust on server side that a client certificate is required for SSL handshake
-
8. Re: SSL Connection: load a new keystore at runtime
mazz Aug 1, 2006 12:15 PM (in response to ente)Looks like this keystore loading feature is now implemented in HEAD as per http://jira.jboss.com/jira/browse/JBREM-427
Can someone give a brief description of it? This sounds like a feature I can use - I just want to get a feel for what was changed, how it is used, etc. -
9. Re: SSL Connection: load a new keystore at runtime
tom.elrod Aug 8, 2006 1:58 PM (in response to ente)If call setNewServerSocketFactory() on server invoker (only applies to socket and multiplex though) with new server socket factory, there is a background thread that will periodically (every 10 seconds) look and see that the server socket factory has been updated and swap it out with the current one in use.
Test cases within remoting are under org.jboss.test.remoting.transport.socket.ssl.serversocketrefresh and org.jboss.test.remoting.transport.multiplex.ssl.serversocketrefresh packages. -
10. Re: SSL Connection: load a new keystore at runtime
clarich Dec 6, 2006 4:43 AM (in response to ente)Hello,
it seems as if the dynamic loading of a new keystore at runtime is not possible when using Transporters (beaming POJOs). Is it possible to implement this in the next Release? May I post this request in jira? -
11. Re: SSL Connection: load a new keystore at runtime
tom.elrod Dec 6, 2006 10:03 AM (in response to ente)Don't think the api has been exposed via Transporters. Please add jira request if you like.
-
12. Re: SSL Connection: load a new keystore at runtime
clarich Dec 19, 2006 4:08 AM (in response to ente)Well I tried to find a solution on this request on my own. (As you can see at http://jira.jboss.com/jira/browse/JBREM-591) But during this I guess I found a bug, which occures when trying to load the keystore several times.
The ServerSocket sometimes is set to null so an NullPointerException is thrown, which the SocketServerInvoker and MultiplexServerInvoker are not able to handle.
My question now is how do I have to handle this bug. Is this to be added as a new jira request? Or did you already eliminate this bug? Or is this to be added to the jira request mentioned above?
Thanks Clarich -
13. Re: SSL Connection: load a new keystore at runtime
clarich Dec 19, 2006 4:11 AM (in response to ente)"Clarich" wrote:
(As you can see at http://jira.jboss.com/jira/browse/JBREM-591)
Sorry, I did attach the wrong link. I meant this jira request: http://jira.jboss.com/jira/browse/JBREM-646 -
14. Re: SSL Connection: load a new keystore at runtime
tom.elrod Dec 19, 2006 4:17 PM (in response to ente)Can you add a new jira issue for the NullPointerException?
Thanks.
-Tom