directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1857) Allow registration of an LdapsInitializer at the LdapServer
Date Fri, 14 Jun 2013 09:25:20 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13683235#comment-13683235
] 

Emmanuel Lecharny commented on DIRSERVER-1857:
----------------------------------------------

You are absolutely right. The fact that we initialize the SSLContext with a NoVerificationTrustManager
is bad.

We will see what we can do to improve this situation, but I think it's just a matter of adding
an accessor in the LdapServer to get back the configured TrustManager.
                
> Allow registration of an LdapsInitializer at the LdapServer
> -----------------------------------------------------------
>
>                 Key: DIRSERVER-1857
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1857
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>    Affects Versions: 2.0.0-M12
>            Reporter: Achim Willems
>
> Due to a BSI directive we need mutual authentication for SSL/TLS connections. BSI (Bundesamt
für Sicherheit in der Informationstechnik) is a german governmental organization. This means,
that we cannot ignore this directive.
> The current implementation of org.apache.directory.server.ldap.LdapServer uses the static
method org.apache.directory.server.ldap.handlers.ssl.LdapsInitializer.init to initialize the
SSL communication.
> It would be helpful to have an LdapsInitializer interface with a default implementation
(i.e. the current implementation is the default) and the possibility to register this interface
at the LdapServer.
> We then could implement our own version of the initializer to establish the necessary
behaviour.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message