directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-1857) Allow registration of an LdapsInitializer at the LdapServer
Date Fri, 14 Jun 2013 09:25:20 GMT


Emmanuel Lecharny commented on DIRSERVER-1857:

You are absolutely right. The fact that we initialize the SSLContext with a NoVerificationTrustManager
is bad.

We will see what we can do to improve this situation, but I think it's just a matter of adding
an accessor in the LdapServer to get back the configured TrustManager.
> Allow registration of an LdapsInitializer at the LdapServer
> -----------------------------------------------------------
>                 Key: DIRSERVER-1857
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>    Affects Versions: 2.0.0-M12
>            Reporter: Achim Willems
> Due to a BSI directive we need mutual authentication for SSL/TLS connections. BSI (Bundesamt für Sicherheit in der Informationstechnik) is a German governmental organization. This means that we cannot ignore this directive.
> The current implementation of uses the static method to initialize the SSL communication.
> It would be helpful to have an LdapsInitializer interface with a default implementation (i.e. the current implementation is the default) and the possibility to register this interface at the LdapServer.
> We then could implement our own version of the initializer to establish the necessary

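The difference between a non-verifying trust manager and a server-side context that enforces mutual authentication, as an added example using only the standard JSSE API (not ApacheDS code and not part of the original message). The class and method names, `AcceptAllTrustManager` included, are hypothetical, and the empty in-memory trust store and the missing server key are constructed placeholders.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class MutualTlsContextExample {
    // Hypothetical stand-in for a trust manager that verifies nothing.
    static final class AcceptAllTrustManager implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // The X509TrustManager contract requires an IllegalArgumentException for an
    // empty chain, so a manager that returns normally is not verifying anything.
    static boolean verifiesPeers(TrustManager tm) {
        if (!(tm instanceof X509TrustManager)) return false;
        try {
            ((X509TrustManager) tm).checkClientTrusted(new X509Certificate[0], "RSA");
            return false;
        } catch (Exception rejected) {
            return true;
        }
    }

    // Trust managers backed by a trust store that holds the client CA certificates.
    static TrustManager[] trustManagersFrom(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    // Server-side engine that fails the handshake unless the client presents a certificate.
    static SSLEngine mutualAuthEngine(KeyManager[] kms, TrustManager[] tms) throws Exception {
        for (TrustManager tm : tms) if (!verifiesPeers(tm)) throw new IllegalStateException("non-verifying TrustManager");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tms, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // constructed: empty in-memory store; real CA certs go here
        System.out.println("accept-all verifies peers: " + verifiesPeers(new AcceptAllTrustManager()));
        SSLEngine engine = mutualAuthEngine(null, trustManagersFrom(trustStore)); // null: no server key in this demo
        System.out.println("client auth required: " + engine.getNeedClientAuth());
    }
}
```

`setNeedClientAuth(true)` only yields real mutual authentication when the trust managers passed to `SSLContext.init` validate the client chain; with an accept-all manager any certificate satisfies it.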