synapse-dev mailing list archives

From Ruwan Linton <ruwan.lin...@gmail.com>
Subject Re: Supporting Multiple SSL Configurations at Sender
Date Tue, 21 Jul 2009 00:05:37 GMT
On Mon, Jul 20, 2009 at 10:19 PM, indika kumara <indika.kuma@gmail.com> wrote:

> I agree with Asankha,
>
> The requirement is to enable Synapse itself to represent multiple identities
> and also to call external services whose identities are different. For the
> first requirement, it may need to expose identities at the proxy service level.
> For the second requirement, it may need the ability to specify and use multiple
> client certificates at the endpoint level when calling different external
> services.
>
> Giving multiple SSLContexts is the scalable solution. Especially for
> requirement one, using reactor will not be scalable. Even for the second
> requirement.
>
> But it seems that in the current IOReactor implementation it is only possible
> to give one SSLContext (with IOEventDispatch).
>
> Seems like we need a new IOEventDispatch implementation that takes a Map of
> SSLContexts (or a composite IOEventDispatch) and then, within the method
>
> *public void connected (final IOSession session)*
>
> picks the correct SSLContext based on information in the IOSession session. I
> am not sure about the possibility of this, but Asankha or Oleg surely knows.


Asankha, Indika is correct on the above comment I guess... IOReactor has a
one-to-one relationship with the SSLContext, I think that is why Hiranya
wanted multiple IOReactors to support this.

Is there a mechanism where you can provide multiple SSLContexts to the
IOEventDispatcher? I suggest we get the patch from Hiranya and improve it
to support this scenario, since he has some working code already. WDYT?

Thanks,
Ruwan


>
>
> Thanks
> Indika
>
>
> >
> > I guess the real use case is the ability to use multiple identity
> > certificates when communicating out. A usual use case is that one
> > organization would need to use an identity certificate A when talking to an
> > endpoint of Company A, and another identity certificate B when talking to an
> > endpoint of Company B etc, when using 2-way SSL. This does not necessarily
> > require the support for multiple keystores, unless I have missed something.
> >
> > I have not yet looked into details.. but I do not directly see the need for
> > multiple IO reactors to support this.. but just multiple SSLContexts.
> >
> > cheers
> > asankha
> >
> > --
> > Asankha C. Perera
> > AdroitLogic, http://adroitlogic.org
> >
> > http://esbmagic.blogspot.com
> >
> >
> >
> >
>
>


-- 
Ruwan Linton
Technical Lead & Product Manager; WSO2 ESB; http://wso2.org/esb
WSO2 Inc.; http://wso2.org
email: ruwan@wso2.com; cell: +94 77 341 3097
blog: http://ruwansblog.blogspot.com
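
The idea discussed in this thread, one SSLContext per outbound endpoint chosen when the connection is established, sketched with JDK classes only. This is an added example, not code from Synapse, HttpCore or Hiranya's patch. The class and method names (`SslContextSelector`, `contextFor`, `register`, `select`, `clientEngine`) are hypothetical, and it assumes Java 7 or later and that endpoints are identified by host name and port.

```java
import javax.net.ssl.*;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: one SSLContext (client identity) per outbound endpoint. */
public class SslContextSelector {
    private final Map<String, SSLContext> byEndpoint = new ConcurrentHashMap<>();
    private final SSLContext fallback; // null means: refuse endpoints that are not mapped

    public SslContextSelector(SSLContext fallback) { this.fallback = fallback; }

    /** Builds a context that presents the identity in the given keystore. */
    public static SSLContext contextFor(KeyStore identity, char[] keyPass, KeyStore trust)
            throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // a null trust store selects the JVM default
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public void register(String host, int port, SSLContext ctx) {
        byEndpoint.put(key(host, port), ctx);
    }

    /** Exact host:port match, then the fallback; fails closed so that the
     *  identity meant for one partner is never presented to another. */
    public SSLContext select(InetSocketAddress remote) {
        SSLContext ctx = byEndpoint.get(key(remote.getHostString(), remote.getPort()));
        if (ctx == null) ctx = fallback;
        if (ctx == null) throw new IllegalStateException("no SSLContext mapped for " + remote);
        return ctx;
    }

    /** What a dispatcher's connected(session) could call with the session's remote address. */
    public SSLEngine clientEngine(InetSocketAddress remote) {
        SSLEngine engine = select(remote).createSSLEngine(remote.getHostString(), remote.getPort());
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS"); // also verify the server's host name
        engine.setSSLParameters(params);
        return engine;
    }

    private static String key(String host, int port) {
        return host.toLowerCase(Locale.ROOT) + ":" + port;
    }
}
```

Passing `null` as the fallback makes an unmapped endpoint an error instead of silently reusing a default identity certificate.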
