Thanks in advance and best regards,
Steve Thompson
--
if you use spray-server on a servlet container (Jetty, Tomcat, Glassfish...) your application will be able to serve content over SSL without any problems.
The "no-SSL-yet" limitation only applies to the spray-can layer (and spray-client depending on it).
Akka Mist only supports servlet containers, so it doesn't buy us anything in this regard...
Cheers,
Mathias
---
mat...@spray.cc
http://www.spray.cc
217 val sslh = r.underlying.context.getPipeline.get(classOf[SslHandler])
219 trySome(sslh.getEngine.getSession.getPeerCertificates.toIndexedSeq) orElse {
220 //it seems that the jvm does not keep a very good cache of remote certificates in a session. But
221 //see http://stackoverflow.com/questions/8731157/netty-https-tls-session-duration-why-is-renegotiation-needed
222 if (!fetch) None
223 else {
224 sslh.setEnableRenegotiation(true) // todo: does this have to be done on every request?
225 r match {
226 case UserAgent(agent) if needAuth(agent) => sslh.getEngine.setNeedClientAuth(true)
227 case _ => sslh.getEngine.setWantClientAuth(true)
228 }
229 val future = sslh.handshake()
230 future.await(30000) //that's certainly way too long.
231 if (future.isDone && future.isSuccess)
232 trySome(sslh.getEngine.getSession.getPeerCertificates.toIndexedSeq)
233 else
234 None
235 }
236 }
> It looks like spray is not quite ready for what I need, because of lack of support for https.
Yes, we know that SSL support is criticial for many users, so it's a top priority for spray-can right now.
We are currently in the middle of a major upgrade to the spray-can layer, which among other things (like an easy transition to Akka 2.0) will deliver SSL support.
However, it's not quite done yet so, at this time, spray is indeed not ready for what you need.
> Btw. Netty allows one to set the NEED or WANT mode for the server per connection, which is very useful - in case you add TLS to
> your server, keep in mind that having functionality such as the following is extreemly useful:
I don't know what you mean by the "NEED or WANT mode for the server per connection".
Could you go into a little more details?
What exactly is the functionality you think would be extremely useful?
> Btw. Spray seems quite similar to twitter's finagle. There too one has to set up the connections for each server
> individually, and they seem to have very much tuned it for one server at a time.
Finagle is _much_ bigger than spray-can.
More features, a lot more dependencies and a lot more general weight.
At the time we started spray-can there was no version for Scala 2.9.1 yet (it just came out very recently).
That said, it certainly be not hard to move enable spray to run on Finagle as the basic HTTP layer...
(or on Netty directly).
Cheers,
Mathias
---
mat...@spray.cc
http://www.spray.cc
Henry,
thanks a lot for the pointers.
We'll dive into this content soon.
Great to have you on the list, maybe you'll even be around to help reviewing the spray-io implementation, which we expect to be quite light-weight.