directory-dev mailing list archives

From "Pierre-Arnaud Marcelot (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRAPI-69) startTLS hostname verification
Date Tue, 24 Jan 2012 07:35:43 GMT

    [ https://issues.apache.org/jira/browse/DIRAPI-69?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13191977#comment-13191977 ]

Pierre-Arnaud Marcelot commented on DIRAPI-69:
----------------------------------------------

Hi Daniel,

Have you tried implementing a javax.net.ssl.X509TrustManager and assigning it to the
org.apache.directory.ldap.client.api.LdapConnectionConfig.setTrustManagers(TrustManager...) method?

I know it's working when accessing the servers using LDAPS but I'm not sure it's used during
the StartTLS operation though.

FYI, we provide a default implementation, org.apache.directory.ldap.client.api.NoVerificationTrustManager,
which trusts the given certificates without verifying them (and logs as debug the received
certificates).

> startTLS hostname verification
> ------------------------------
>
>                 Key: DIRAPI-69
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-69
>             Project: Directory Client API
>          Issue Type: Improvement
>            Reporter: Daniel Fisher
>
> The current API does not have any features for controlling hostname verification. In
> addition, it appears that *no* hostname verification occurs by default. See RFC 2830 section
> 3.6

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
