[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl] problems updating an SSLServerSocket chain verifier



Hello,

access to the trust store itself is synchronized; any change you make will be
valid from the time you make it. However, you anytime have the option to 
write and plug in you own ChainVerifier following a more sophisticated 
strategy.

Regards,
Dieter Bratko

-----Ursprungliche Nachricht-----
Von: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at]Im Auftrag von Miguel Reis
Gesendet: Mittwoch, 05. September 2001 17:54
An: iaik-ssl@iaik.at
Betreff: [iaik-ssl] problems updating an SSLServerSocket chain verifier



Hello,

I would like to know if there is any syncronization or 
concurrency problem in the process of updating a 
SSLServerSocket chain verifier using a thread (for example), 
while this same java object (the socket) is accepting 
new connections in another thread.


For example, suppose we have a SSLServerSocket object:

serverSocket = new SSLServerSocket(...,...)


now, thread 1 accepts a new connection in this exact moment:

thread 1: new_connection = serverSocket.accept()


and thread 2 does (in the exact same moment) something like this:

thread 2: context = serverSocket.getContext();
          context.addTrustedCertificate(some_cert);
          serverSocket.setContext(context);

          (or)

          context = serverSocket.getContext();
          ChainVerifier chain = context.getChainVerifier();
          chain.removeTrustedCertificate(some_cert);
          context.setChainVerifier(chain);
          serverSocket.setContext(context);


In particular, i'm concerned with a sslSocket that "loads" is chain of
trusted certificates (is "chain verifier") while this same "chain
 verifier" is in an update process.


Thanks,

miguel
--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl
 



smime.p7s