qpid-dev mailing list archives

From Joshua Kramer <j...@globalherald.net>
Subject Re: SSL Support in C++ Broker (was Re: C++: SocketPrivate Class.)
Date Sun, 20 Apr 2008 05:48:42 GMT

> If you have separate listening connections which are either wholly SSL
> or wholly not it makes more sense (to my mind) to keep the
> implementations separate (but possible to use inheritance if that makes
> sense) and to have a new SSL specific Acceptor to be the factory for the
> new SSL connections.

Can you describe, a bit more, the structure of the Acceptor?  It appears 
(from the file TCPIOPlugin.cpp, line 72) that the Acceptor starts 
listening before we tell it what port we want it to listen on.  (It 
actually appears that there is no 'Acceptor' that runs as itself - the 
Acceptor class is used to derive the AsynchIOAcceptor.)

Where do we set config information, or at least pass it on to the Acceptor 
and/or Socket objects?  This is important, because for an SSL acceptor, we 
need to set and get:

-Permitted and preferred Cipher Algorithms
-Do we ask for client certificate?
-Do we require client certificate?
-Location of key and certificate databases
-One of US, French, or International nationality settings
-Callback functions to get passwords for certificates
-Port
-Host

So far, I've added SSLAcceptor, SSLAsynchIO, and SSLSocket classes.  Soon 
after I have answers to the above I should have some code for you to 
review.

Thanks,
-Josh

