"Md. Jahid Shohel" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
> (Sorry for resending the same message. There were some typos. I am
> really sorry for resending.)
>
> First of all, Filip and Bill, thanks a lot for such a good suggestion.
> Though I still didn't implement it, I will give it a try according to
> what you said.
>
> One more question: can you tell me, when the first user makes an SSL
> request (I mean by https://www.mysite.com), which part of the code
> sends the server's certificate to the client?
>
Well, the first place to look is org.apache.tomcat.net.SSL* (at least for
the BIO Connector). However, Tomcat doesn't understand SSL/TLS. It relies
on finding an SSLImplementation that does understand it, and delegates to
it. The two that ship with Tomcat are in org.apache.tomcat.net.jsse and
org.apache.tomcat.net.puretls. If all you care about is certs, then it
will probably be easier to configure your own X509KeyManager and
X509TrustManager as in the JSSE docs.

> Also, how can I protect, so that Tomcat doesn't go to any Certificate
> Authority (CA) to clarify the client's certificate?
>

This is actually configurable with PureTLS. But for JSSE, see my comment
above.

> Getting control of the whole handshake is the perfect solution for me.
> And also seeing how Tomcat does that handshaking (I mean from a to z of
> Tomcat's handshaking, from the client's sending "hello" to finally session
> key generation) will be a good help to know how to hook my own
> handshaking. Also, if you tell me where to look for the implementation,
> then I can get some idea while I am implementing my part of the code.
>
> If you have any suggestion, please let me know.
>
> Regards,
>
> Jahid
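
The reply above points to configuring your own X509TrustManager through JSSE. The following is an added example, not part of the original message and not Tomcat's code: a trust manager that validates peer chains only against one local truststore file by delegating to JSSE's own path validator. The class name LocalTrustManager and the truststore path and password arguments are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class (not from Tomcat): trust decisions come from one local truststore.
public class LocalTrustManager implements X509TrustManager {
    private final X509TrustManager pkix; // JSSE's validator does the actual chain checks

    public LocalTrustManager(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // only certificates in this file become trust anchors
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        pkix = found;
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Must throw on failure; an empty method body would accept every client certificate.
        pkix.checkClientTrusted(chain, authType);
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        pkix.checkServerTrusted(chain, authType);
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return pkix.getAcceptedIssuers(); // CAs a server may name when requesting a client cert
    }
    public static void main(String[] args) throws Exception {
        if (args.length < 2) { System.err.println("usage: <truststore> <password>"); return; }
        X509TrustManager tm = new LocalTrustManager(args[0], args[1].toCharArray());
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null); // null: default keys and randomness
        System.out.println("accepted issuers: " + tm.getAcceptedIssuers().length);
    }
}
```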