Adam Taft <adam@hydroblaster.com> wrote:
> I'm guessing that Duke is referring to
> org.apache.xmlrpc.secure.SecureWebServer which seems to be troubling
> many subscribers to this list.
> Wrapping an XML-RPC server in an SSL servlet, or for that matter,
> using any https server (like Apache) in reverse proxy mode, is a
> pretty straight forward secure server implementation. I'm guessing
> that's not what he was looking for.
Thanks for the explanation, Adam. I still do not understand, though, why
one would prefer a homegrown solution like the SecureWebServer over a
true SSL server like Jetty or TomCat? But that's another story.
I have studied the difference between the WebServer and the
SecureWebServer in the current version. Obviously, it is quite easy to
port these to the streaming branch. However, looking through the
archives of xml-rpc-dev and xml-rpc-user, I do not find anything, that
documents the servers use. (Creating a self signed certificate, add it
to the keystore, and so on.) Consequently, the software currently seems
pretty useless. My conclusion is, that I am quite ready to do the port
to the streaming branch, but only, if there's someone who writes some
documentation. Otherwise, it seems to be the best thing to refer to
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
Jochen
|