qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carl Trieloff <cctriel...@redhat.com>
Subject Re: SSL Support in C++ Broker (was Re: C++: SocketPrivate Class.)
Date Mon, 21 Apr 2008 17:08:29 GMT
Joshua Kramer wrote:
>> If you have separate listening connections which are either wholly SSL
>> or wholly not it makes more sense (to my mind) to keep the
>> implementations separate (but possible to use inheritance if that makes
>> sense) and to have a new SSL specific Acceptor to be the factory for the
>> new SSL connections.
> Can you describe, a bit more, the structure of the Acceptor?  It 
> appears (from the file TCPIOPlugin.cpp, line 72) that the Acceptor 
> starts listening before we tell it what port we want it to listen on.  
> (It actually appears that there is no 'Acceptor' that runs as itself - 
> the Acceptor class is used to derive the AsynchIOAcceptor.
> Where do we set config information, or at least pass it on to the 
> Acceptor and/or Socket objects?  This is important, because for an SSL 
> acceptor, we need to set and get:
> -Permitted and preferred Cipher Algorithms
> -Do we ask for client certificate?
> -Do we require client certificate?
> -Location of key and certificate databases
> -One of US, French, or International nationality settings
> -Callback functions to get passwords for certificates
> -Port
> -Host
> So far, I've added SSLAcceptor, SSLAsynchIO, and SSLSocket classes.  
> Soon after I have answers to the above I should have some code for you 
> to review.
> Thanks,
> -Josh


I think Andrew will be on-line again tomorrow, he has been doing some 
work in this area, so probably best if he comment. If he does not reply 
by COB tomorrow I will give you my thoughts
on the questions.


View raw message