Re: [platform-update-dev] Role Based Updates

Bob,
No problem

HTTPS relies on SSL, which does the following handshake:

1) Client connects to HTTPS
2) Server sends server cert
3) Client verifies cert against its truststore

Optional:
4) Server asks for client cert
5) Client sends cert
6) Server verifies cert

In the current implementation, all works fine if the server certificate is
signed by a trusted CA which appears in cacerts under the JDK (Verisign,
Thawte and maybe Equifax depending on your cacert).
If you created your own certificate, the connection will fail miserably
until you manually add the server certificate in your client.

When you connect to an HTTPS server from a browser you can get a screen that
tells you (in a nutshell):
  The certificate you are receiving is signed by <company>.
  You do not trust <company>; do you want to trust it for this session,
  forever, or decide to cancel?
We can do the same <well, technically it is feasible>.

Does this make sense?



                                                                            
                                                                            
Christophe Elek
IBM Software Group - Toronto Lab
Technical Team Lead - Cross product Tech Support
Cross components problem resolution specialist
Eclipse.org - Platform Core development
Phone: 905-413-3467 T/L: 969-3467 Toll Free: 1-800-IBM-SERV
Email: celek@xxxxxxxxxx




                                                                           
From: Bob Foster <bob@xxxxxxxxxx>
Sent by: platform-update-dev-admin@eclipse.org
Date: 02/22/2005 10:54 PM
Please respond to: platform-update-dev@xxxxxxxxxxx
To: platform-update-dev@xxxxxxxxxxx
cc:
Subject: Re: [platform-update-dev] Role Based Updates




Christophe Elek wrote:
> Ok, I started some code (kind of crappy now but... :)
> It seems we will have to leave to the LoginModule implementer the
> responsibility to authenticate on a server.
> One easy way, but not really 'user' oriented, is to use SSL with client
> authentication. We do not authenticate the user, but the 'machine', but
> that is easy to implement both on the eclipse side as well as for 'plugin'
> provider.
> This then means one machine==one user
>
> Also, I was wondering, should we add code to 'import' trusted cert if we
> connect to an HTTPS site to retrieve the site.xml ?
> How many of us need that ?

I'll show a little ignorance here. I thought for https the cert was on
the server side, not the client?

Bob

_______________________________________________
platform-update-dev mailing list
platform-update-dev@xxxxxxxxxxx
http://dev.eclipse.org/mailman/listinfo/platform-update-dev
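
The browser-style "do you want to trust it" flow proposed in the message above, sketched as an added example that is not part of the original thread or of the Eclipse Update code. `PromptingTrustManager` and its `askUser` callback are hypothetical names; the class checks the JDK default truststore (cacerts) first and only then asks about the exact server certificate, trusting it for the current session.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;
import javax.net.ssl.*;

// Added illustration (hypothetical class, not Eclipse Update code).
public class PromptingTrustManager implements X509TrustManager {
    private final X509TrustManager jdkDefault;        // backed by the JDK cacerts file
    private final Predicate<X509Certificate> askUser; // assumed UI hook: true = trust
    private final Set<X509Certificate> accepted = ConcurrentHashMap.newKeySet();

    public PromptingTrustManager(Predicate<X509Certificate> askUser) throws GeneralSecurityException {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                    // null selects the default truststore
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        if (found == null) throw new GeneralSecurityException("no X509TrustManager available");
        this.jdkDefault = found;
        this.askUser = askUser;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            jdkDefault.checkServerTrusted(chain, authType); // step 3: verify against cacerts
        } catch (CertificateException untrusted) {
            if (chain == null || chain.length == 0) throw untrusted;
            X509Certificate leaf = chain[0];
            leaf.checkValidity();                     // never accept an expired certificate
            // Pin the exact certificate the user approved, not its issuer.
            if (accepted.contains(leaf) || (askUser.test(leaf) && accepted.add(leaf))) return;
            throw untrusted;                          // user declined: connection fails
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        jdkDefault.checkClientTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return jdkDefault.getAcceptedIssuers(); }
}
```

To use it, pass an instance to `SSLContext.init(null, new TrustManager[] { tm }, null)` and hand the context's socket factory to `HttpsURLConnection.setSSLSocketFactory`. Trusting a certificate "forever" would additionally require writing it to a client-side keystore, which this sketch does not do.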
