axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Samisa Abeysinghe <samisa_abeysin...@yahoo.com>
Subject Re: SSL implementation
Date Thu, 04 Nov 2004 02:36:13 GMT
Hi Fred, 
    I have few more thoughts in addtion to the 5 points in earlier email.
6. What are the possible attributes set through setSecurity() method?
7. Is it reasonable if we enfoce that, if one wants to use SSL with client, he/she must change
axiscpp.conf file and set Transport_http to a lib having SSL support. If this is acceptable,
then
if we could get rid of setSecurity() method mentioned in 6 above, we can make SSL transparent
to
user. What do you think?

Your desing is an eye opener for us to see what we have missed when transport abstraction
layer
was designed. Thank you for your efforts on this Secure Channel design.

Regards,
Samisa...

--- Samisa Abeysinghe <samisa_abeysinghe@yahoo.com> wrote:

> Hi Fred,
>     Fre question.
> 1. Why do you need setServerName() in ISecureChannel class? Can't you use the URL class
(Which
> is
> contained in Channel class) for this?
> 
> 2. Why do you have openConnection() and OpenSecureSocket() [and closeConnection()/
> CloseSecuritySocket()] in SecureChannel class? Why this pair? Why not one? I think you
do not
> need
> any of them and could override open() and close() inherited from Channel straightaway.
I think
> the
> same applies to >> and << operations (simply override and no need for write/readSecureSocket
> methods).
> 
> 3. This design requires changes to Axis2Transport class to select between secure vs.
non-secure
> channel. That means users have to have at leat one concrete implementation of the secure
channel
> to use Axis C++. Now the question is different users need different undelying libs, and
we are
> going make at leat one SSL lib mandatory to use Axis C++. I think a better option would
be to
> have
> this security enabled transport as a seperate lib in a seperate folder, say axis2secure,
and
> inherit from Axis2Transport and do whatever changes necessary. This way, those who do
not need
> security would not have to have an SSL lib on their system.
> 
> 4. I am looking into implementing Keep-Alive support to axis2 transport. This means I
will be
> changing the how the connection is managed by Channel class (when to close, wehn to re-open
> etc.)
> How can we make the SecureChannel class to capture those changes?.
> 
> 5. This morning when I got a freash CVS checkout and compiled I ran into compilation
errors:
>  g++ -DHAVE_CONFIG_H -I. -I. -I../../.. -I../../../include -Wall -Wshadow -DENABLE_AXISTRACE
> -Wall
> -Wshadow -DENABLE_AXISTRACE -g -O2 -MT SecureChannel.lo -MD -MP -MF .deps/SecureChannel.Tpo
-c
> SecureChannel.cpp  -fPIC -DPIC -o .libs/SecureChannel.o
> In file included from SecureChannel.cpp:1:
> SecureChannel.h:12: error: looser throw specifier for `virtual bool
>    SecureChannel::open() throw (AxisTransportException)'
> Channel.h:92: error:   overriding `virtual bool Channel::open() throw
>    (AxisTransportException&)'
> SecureChannel.h:12: error: looser throw specifier for `virtual bool
>    SecureChannel::open() throw (AxisTransportException)'
> Channel.h:92: error:   overriding `virtual bool Channel::open() throw
>    (AxisTransportException&)'
> SecureChannel.cpp: In member function `virtual void
>    SecureChannel::setSecureProperties(const char*)':
> SecureChannel.cpp:70: warning: unused variable `std::string*ps'
> make[4]: *** [SecureChannel.lo] Error 1
> 
> Thanks,
> Samisa...
> 
> 
> --- Fred Preston <PRESTONF@uk.ibm.com> wrote:
> 
> > 
> > 
> > 
> > 
> > Hi All,
> >       I'm currently implementing an SSL solution, but  want to make sure
> > that I've covered all the bases before I commit it to CVS.  Here is my
> > proposal...
> > 
> > (See attached file: Adding SSL to Transport.doc)
> > 
> > Does anyone have any views on my implementation (API, etc) before I commit
> > these changes to CVS.
> > 
> > Regards,
> > 
> > Fred Preston.
> 
> > ATTACHMENT part 2 application/msword name=Adding SSL to Transport.doc
> 
> 
> 
> 
> 		
> __________________________________ 
> Do you Yahoo!? 
> Check out the new Yahoo! Front Page. 
> www.yahoo.com 
>  
> 
> 



		
__________________________________ 
Do you Yahoo!? 
Check out the new Yahoo! Front Page. 
www.yahoo.com 
 


Mime
View raw message