directory-dev mailing list archives

From David Boreham <>
Subject Re: TLS + SASL external and ACLs.
Date Sat, 07 May 2005 13:02:00 GMT

>>Trustin, wouldn't StartTLS be a part of the LDAP protocol impl rather
>>than a MINA filter?  I'm talking about the command impl, not the actual
>>TLS handshake/encryption/decryption.  For this we already have the
To implement StartTLS you need to do two things:

1. Decode the LDAP extended operation.
2. Tell the network I/O layer to install SSL/TLS on the connection
and initiate its handshake.

The existing filter should be fine, as long as the code that
sees the extended operation has the ability to install the filter
(and as long as filters can be installed on-the-fly on a
connection that is already open).
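The two steps described in the message above, as an added Python sketch that is not part of the original post or of the project's code. The function names, the constructed sample request, and the choice to refuse a request that arrives with pipelined plaintext behind it (answered here with protocolError) are assumptions of this example.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAPOID travels as dotted-decimal ASCII

def read_tlv(buf, pos):
    """Parse one BER element (single-byte tag); return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one element; short-form length is enough for the messages built here."""
    if len(value) > 127:
        raise ValueError("value too long for short form")
    return bytes([tag, len(value)]) + value

def extended_response(msg_id, code):
    """Build an ExtendedResponse ([APPLICATION 24]) carrying the StartTLS responseName."""
    result = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, b"")
    return tlv(0x30, tlv(0x02, msg_id) + tlv(0x78, result + tlv(0x8A, STARTTLS_OID)))

def handle_pdu(buf):
    """Step 1, decode: return (response, install_tls); (None, False) if not StartTLS."""
    tag, body, end = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    id_tag, msg_id, pos = read_tlv(body, 0)
    if id_tag != 0x02:
        raise ValueError("messageID missing")
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x77:  # [APPLICATION 23] ExtendedRequest
        return None, False
    name_tag, name, _ = read_tlv(op, 0)  # [0] requestName
    if name_tag != 0x80 or name != STARTTLS_OID:
        return None, False
    if end != len(buf):
        # Bytes behind the request were sent in the clear before any handshake;
        # this example refuses rather than carry them into the TLS session.
        return extended_response(msg_id, 2), False
    # Step 2 is the caller's: write the response in the clear, then install TLS on
    # the open connection, e.g. ssl.SSLContext.wrap_socket(sock, server_side=True).
    return extended_response(msg_id, 0), True

# Constructed sample: LDAPMessage with messageID 1 carrying a StartTLS ExtendedRequest.
SAMPLE_REQUEST = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))
```

The success response has to leave the socket before the TLS layer is installed, which is why the decoder returns it together with the flag instead of installing TLS itself.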
