From: Emmanuel Lécharny
Date: Tue, 27 Nov 2012 15:37:42 +0100
To: users@directory.apache.org
Subject: Re: Configure LDAPS with 1x and 2x SSL on ApacheDS 2.0 M8

On 11/26/12 5:28 AM, Nick Duan wrote:
> Thanks a lot for all your responses. I am sorry to hear that client
> authentication using X.509 cert isn't implemented in Apache DS. Is there
> any plan to implement this in future releases?

Yes, definitively.

> Could someone perhaps point
> out which class/package in ApacheDS is responsible for handling the SSL
> connection?

This is not that simple... SSL is handled in two places in the server:

1) In MINA (the network layer) when you use LDAPS
2) In the apacheds/protocol-ldap module, in the StartTlsHandler class when you use StartTLS instead of LDAPS.

All the handshake is done by MINA. Currently we only use the NoVerificationTrustManager class, so it accepts all the incoming clients.

We certainly want to improve this area. I have created a JIRA for that FYI.

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
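What "accepts all the incoming clients" means at the JSSE level, next to a verifying alternative. This is an added example, not ApacheDS or MINA source code: ACCEPT_ALL is a hypothetical stand-in for a no-verification trust manager, and the class and method names are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class ClientCertTrustDemo {
    // Hypothetical stand-in for a no-verification trust manager: every check
    // returns without throwing, so any certificate chain a client sends passes.
    static final X509TrustManager ACCEPT_ALL = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    // Verifying alternative: PKIX trust managers built from a truststore that
    // should hold only the CAs allowed to issue client certificates.
    // Passing null falls back to the JVM default truststore (demo only).
    static TrustManager[] verifying(KeyStore clientCaStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(clientCaStore);
        return tmf.getTrustManagers();
    }

    // Server-side engine that requires a client certificate in the handshake.
    static SSLEngine serverEngine(KeyManager[] serverKeys, TrustManager[] trust)
            throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(serverKeys, trust, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // no client certificate, no session
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty chain, as if the client sent nothing usable.
        X509Certificate[] noChain = new X509Certificate[0];
        ACCEPT_ALL.checkClientTrusted(noChain, "RSA");
        System.out.println("accept-all: chain accepted");
        TrustManager[] strict = verifying(null);
        try {
            ((X509TrustManager) strict[0]).checkClientTrusted(noChain, "RSA");
            System.out.println("verifying: chain accepted");
        } catch (Exception e) {
            System.out.println("verifying: rejected, " + e.getClass().getSimpleName());
        }
        // Server key managers are omitted (null) because no handshake is run here.
        SSLEngine engine = serverEngine(null, strict);
        System.out.println("needClientAuth=" + engine.getNeedClientAuth());
    }
}
```

Requiring a client certificate with setNeedClientAuth(true) authenticates clients only when the trust manager validates the chain; paired with an accept-all manager, any self-signed certificate completes the handshake.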