directory-dev mailing list archives

From Marc Boorshtein <mboorsht...@gmail.com>
Subject Re: Where can I get the client certificate?
Date Fri, 13 Mar 2015 11:55:18 GMT
>
>
> here you have access to the certificate and this is the only place where
> you have a chance to see it,
> and if you want to store it for any other purpose then you need to extend
> server, cause certs are useless
> after establishing a secure channel.
>
>>
>>
Well, that's untrue.  The certificate can be used for user mapping,
authorization, etc.  This is VERY common in the HTTP world.  In a servlet
you can get the certificate, DN, etc. from the request object.

That being said, I have extended the server (
http://sourceforge.net/p/myvd/code/HEAD/tree/trunk/MyVD/src/main/java/org/apache/directory/server/ldap/LdapServer.java)
mainly so I can do custom SSL implementations so I can easily create a
custom trust manager.  The question becomes how can I associate the cert I
get from the trust manager to an LDAP session?  Neither the trust manager
nor the keystore actually has that context.

Thanks
Marc
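
The user-mapping use of a client certificate discussed in this message, as an added example that is not part of the original post or of the ApacheDS/MyVD code: it reads the peer certificate from the connection's `SSLSession` (standard JSSE) and maps the subject DN to a user name. How the server hands the connection's `SSLSession` to this code is not shown on the page and is assumed; `ClientCertMapping` and its method names are hypothetical.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;

public class ClientCertMapping {

    /** Leaf certificate the client presented on this connection, or null if none. */
    static X509Certificate clientCert(SSLSession tls) {
        try {
            Certificate[] chain = tls.getPeerCertificates(); // peer's own certificate comes first
            return (chain.length > 0 && chain[0] instanceof X509Certificate)
                    ? (X509Certificate) chain[0] : null;
        } catch (SSLPeerUnverifiedException e) {
            return null; // the peer was not authenticated with a certificate
        }
    }

    /** Map a subject DN to a user name by taking its most specific CN. */
    static String userFromSubject(X500Principal subject) throws InvalidNameException {
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        // LdapName indexes RDNs right to left, so start at the end to see the leftmost RDN first
        for (int i = dn.size() - 1; i >= 0; i--) {
            Rdn rdn = dn.getRdn(i);
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null; // no CN: leave the connection unmapped rather than pick a default user
    }

    /** Hypothetical hook: call once per connection, after the TLS handshake has completed. */
    static String userForConnection(SSLSession tls) throws InvalidNameException {
        X509Certificate cert = clientCert(tls);
        return cert == null ? null : userFromSubject(cert.getSubjectX500Principal());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample subject; userForConnection needs a live SSLSession instead
        X500Principal sample = new X500Principal("CN=jdoe,OU=People,DC=example,DC=com");
        System.out.println(userFromSubject(sample));
    }
}
```

Mapping on the subject DN is only meaningful when the trust manager has already validated the chain against a CA that is trusted to issue client identities.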
