directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Configure LDAPS with 1x and 2x SSL on ApacheDS 2.0 M8
Date Tue, 27 Nov 2012 14:37:42 GMT
Le 11/26/12 5:28 AM, Nick Duan a écrit :
> Thanks a lot for all your responses.   I am sorry to hear that client
> authentication using X.509 cert isn't implemented in Apache DS.   Is there
> any plan to implement this in future releases?  
Yes, definitively.
>  Could someone perhaps point
> out which class/package in ApacheDS is responsible for handling the SSL
> connection?
This is not that simple...

SSL is handle in two places in the server :
1) In MINA (the network layer) when you use LDAPS
2) In the apacheds/protocol-ldap module, in the StartTlsHandler class
when you use StartTLS instead of LDPAS.

All the handshake is done by MINA.

Currently we only use the NoVerificationTrustManager class, so it
accepts all the incoming clients.

We certinly want to improve this area. I have created a JIRA for that FYI.



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 


Mime
View raw message