
#457 Provide a custom 'SSLSocketFactory'

Connection
open
Zhang Ze
None
5
2023-04-29
2021-11-23
No

Hello JTOpen team,

Our (development) IBM i machines have certificates that are signed by a CA that is internal to the company and our customers may have the same situation.
This means that a secure connection with JTOpen will not work by default, as the JVM will reject the host's certificate.
The alternative would be to provide the command-line System Properties to point to a trust store. However, due to technical reasons, we would like to avoid that.

We had a look at the JTOpen code base and adding a provision to supply a custom 'SSLSocketFactory' does not look that hard.
It would require some changes in classes: 'PortMapper', 'SecureAS400', 'SocketContainerJSSE' and 'SSLOptions'.
As soon as it is possible to provide a custom 'SSLSocketFactory', the SSL context is available to provide the functionality we like.

If we would provide patches for these 4 classes, would the JTOpen team be willing to apply them into the JTOpen code base, provided they meet the team's standards?

Regards,
Marcel Romijn
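An added illustration of the approach requested above (not part of the original post and not JTOpen code): it builds an `SSLSocketFactory` that trusts an internal CA using only standard JSSE calls, with no trust-store system properties. The class name `InternalCaSocketFactory` and the CA file path are assumptions; how the factory would be handed to JTOpen is the feature being requested and is not shown.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, for illustration only.
public final class InternalCaSocketFactory {

    /** Builds a factory that trusts only the CA certificate(s) in the given PEM or DER file. */
    public static SSLSocketFactory fromCaFile(Path caFile) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // empty in-memory store; no JVM-wide properties involved

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int count = 0;
        try (InputStream in = Files.newInputStream(caFile)) {
            for (Certificate ca : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("internal-ca-" + count++, ca);
            }
        }
        if (count == 0) {
            throw new IllegalArgumentException("No certificates found in " + caFile);
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx.getSocketFactory();
    }

    /** Opens a socket with host name checking on; a raw SSLSocket does not check it by default. */
    public static SSLSocket connect(SSLSocketFactory factory, String host, int port)
            throws Exception {
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake(); // throws SSLHandshakeException if chain or host name fails
        return socket;
    }
}
```

Because the trust store holds only the internal CA, a factory built this way rejects certificates issued by public CAs; that scoping is the main advantage over a trust-all `TrustManager`.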

Discussion

  • Mathieu Veurman

    Mathieu Veurman - 2022-06-07

    Hello, any news on this? I see newer issues get updates, and this one doesn't get any attention. We are willing to provide all the code for this. Maybe we can become an official contributor?

     
  • John Eberhard

    John Eberhard - 2022-07-06
    • assigned_to: Zhang Ze
     
  • Norbolsa

    Norbolsa - 2022-07-19

    It would be great if this was built into the driver

     
  • Marcel Romijn

    Marcel Romijn - 2022-08-09

    Hello,

    Our (hopefully temporary) solution now is to clone the JTOpen sources, make the changes we need and use that in our product.
    In alignment with the license, we will make the changed sources public when we release the product that uses them. Maybe we will make the changed sources public before our product is released.

    But ultimately, having these changes in the original JTOpen code base would be more convenient and efficient.

    Regards,
    Marcel Romijn

     
  • Zhang Ze

    Zhang Ze - 2022-09-12

    I am looking at this. Sorry, only IBMers can be contributors (some legal issues).

     
  • Marcel Romijn

    Marcel Romijn - 2022-09-21

    Hello Zhang Ze,

    I understand contributions can only be made by IBM :-)
    If the repository of JTOpen would be Git, I could present a PR with the changes we would need.
    But since JTOpen is in a SVN repository, I don't know how to present our changes to a contributor.
    Maybe by providing a patch somehow?

    Kind regards,
    Marcel Romijn

     
  • Zhang Ze

    Zhang Ze - 2022-09-21

    Hi,
    I am working with the internal team to confirm whether the contribution process still works.
    FYI: http://jt400.sourceforge.net/develop.html#overview. If it still works, you can become a contributor by signing a license agreement. I will let you know the result. Thank you.

     
  • Zhang Ze

    Zhang Ze - 2022-09-27

    Hello Marcel Romijn,
    First, you need to send the Core Team (jeber@us.ibm.com and zezhang@cn.ibm.com) an e-mail with a signed JTOpen Contributor License Agreement.

    Then, you can provide the patch to us and I would merge it in. Thank you.

     
  • Marcel Romijn

    Marcel Romijn - 2022-09-27

    Hi Zhang Ze,

    Thanks for sending me the link to the Contributor License Agreement.
    I'll have to run it through my manager and optionally the legal department.
    If all lights turn green, I will e-mail the signed form.

    Kind regards,
    Marcel Romijn

     
  • Jesse Gorzinski

    Jesse Gorzinski - 2023-04-29

    @mromijn, I like this idea. We are in the process of moving JTOpen to GitHub. If you have an account there, can you please open an issue at https://github.com/IBM/JTOpen/ ?

     
