Re: Detect SSL
Re: Detect SSL
- Subject: Re: Detect SSL
- From: Petite Abeille <email@hidden>
- Date: Fri, 2 May 2008 21:53:17 +0200
On May 2, 2008, at 4:01 AM, Don Lindsay wrote:
I want to identify if an application is being served via SSL. How
can I do this? I have looked at all the headers available through
the request.
Not to beat a dead horse, but... there is no way in plain HTTP to tell
if your connection is running over TLS or not... one could try to
infer such information by looking at the Request-URI or the Host
header for hints... but... that's about it as far as HTTP goes...
If you have access to the underlying network connection from the
client your chance of success are much higher...
http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLSocket.html
Also, how can I get a handle to a client certificate if a person has
a PKI card?
Once you have the client SSLSocket, you can access its SSLSession,
which will lead you to the peer certificates.
http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLSession.html
http://java.sun.com/j2se/1.4.2/docs/api/java/security/cert/Certificate.html
If none of those information are available to your application
directly, you will need to trust some second hand information (e.g.
upstream X_FORWARDED_PROTO header or similar).
--
PA.
http://alt.textdrive.com/nanoki/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
References: | |
| >Detect SSL (From: Don Lindsay <email@hidden>) |