synapse-dev mailing list archives

From Andreas Veithen <andreas.veit...@gmail.com>
Subject Re: Supporting Multiple SSL Configurations at Sender
Date Tue, 21 Jul 2009 09:22:58 GMT
> Well, if not through different stores, how can we let the KeyManager know
> what cert to use for this particular endpoint?

If I remember well, this is how it works: during the handshake, the
server presents a list of trusted CAs to the client. The client then
selects the certificate that is signed (directly or indirectly) by
that CA and uses that to authenticate. I'm pretty sure this is what
happens when you create a java.net.URL with the https scheme and call
openConnection on it. Since behind the scenes this uses an SSLContext,
chances are high that it also works with our HTTPS transport (or that
it would be pretty easy to make it work).

Of course this only satisfies the requirement if the two endpoints use
different CAs, which should be the usual case.

Andreas
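
The selection described in the message above, written out as an added example that is not part of the original message or of Synapse's code: an `X509KeyManager` wrapper that chooses the client alias from the CA list the server sends. The class name `IssuerAwareKeyManager` is hypothetical, and the delegate is assumed to be a key manager obtained from a `KeyManagerFactory` over a single key store.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509KeyManager;

// Added illustration (hypothetical class name): wraps an existing key manager
// and picks the client alias whose chain was issued by a CA the server named.
public class IssuerAwareKeyManager implements X509KeyManager {
    private final X509KeyManager delegate; // assumed to come from a KeyManagerFactory

    public IssuerAwareKeyManager(X509KeyManager delegate) {
        this.delegate = delegate;
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        // The issuers argument is null (or empty) when the server names no CAs.
        // This example returns null (no client certificate) rather than guessing.
        if (issuers == null || issuers.length == 0) return null;
        Set<Principal> accepted = new HashSet<>(Arrays.asList(issuers));
        for (String keyType : keyTypes) {
            String[] aliases = delegate.getClientAliases(keyType, null);
            if (aliases == null) continue;
            for (String alias : aliases) {
                X509Certificate[] chain = delegate.getCertificateChain(alias);
                if (chain == null) continue;
                // Direct or indirect: any certificate in the chain may be the one
                // issued by an accepted CA.
                for (X509Certificate cert : chain) {
                    if (accepted.contains(cert.getIssuerX500Principal())) return alias;
                }
            }
        }
        return null; // nothing in the store chains to a CA this server accepts
    }

    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
}
```

An instance is passed as the only element of the `KeyManager[]` argument to `SSLContext.init`. Returning null when the server sends no CA list is a choice made in this example so that a certificate meant for one endpoint is never offered to another.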
