directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marius Scurtescu (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSTUDIO-263) Add certificate validation for ldaps and StartTLS
Date Wed, 04 Mar 2009 20:09:56 GMT

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12678889#action_12678889
] 

Marius Scurtescu commented on DIRSTUDIO-263:
--------------------------------------------

Adding proper certificate exception handling when validation fails is probably a large job,
this is why this feature gets postponed. Is that correct?

As an intermediate step maybe the validation can still be done and the validation error shown,
then proceed as usual regardless. But at least you are warned that validation failed.

Please make sure that the hostname is also validated, AFAIK this is not done by default and
must be done explicitly in JNDI, at least for LDAPS, not sure about StartTLS.

See this thread for some details:
http://forums.sun.com/thread.jspa?messageID=10629641

> Add certificate validation for ldaps and StartTLS
> -------------------------------------------------
>
>                 Key: DIRSTUDIO-263
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-263
>             Project: Directory Studio
>          Issue Type: Improvement
>          Components: studio-dsml-parser
>            Reporter: Stefan Seelmann
>            Assignee: Stefan Seelmann
>            Priority: Minor
>
> We have encrypted connections using ldaps:// or the StartTLS extended operation, but
the certificate isn't validated as we always use a DummySSLSocketFactory.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message