Posted to oak-issues@jackrabbit.apache.org by "Manfred Baedke (Jira)" <ji...@apache.org> on 2021/07/29 22:39:00 UTC
[jira] [Commented] (OAK-9519) TlsGuardingConnection doesn't do a TLS handshake on reused connections
[ https://issues.apache.org/jira/browse/OAK-9519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17390186#comment-17390186 ]
Manfred Baedke commented on OAK-9519:
-------------------------------------
Proposed patch attached.
> TlsGuardingConnection doesn't do a TLS handshake on reused connections
> ----------------------------------------------------------------------
>
> Key: OAK-9519
> URL: https://issues.apache.org/jira/browse/OAK-9519
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-ldap
> Affects Versions: 1.22.6
> Reporter: Manfred Baedke
> Assignee: Manfred Baedke
> Priority: Major
> Attachments: OAK-9519.patch
>
>
> With Oak 1.22.6, org.apache.directory.api.api-all received a major version update. With the previous version, the method LdapNetworkConnection#startTls() failed when called more than once on the same connection. As a workaround, we used the derived class TlsGuardingConnection, which prevented this. With the new version, not only may LdapNetworkConnection#startTls() be called multiple times, but it also has to be called when a connection from the pool is reused. TlsGuardingConnection doesn't do this, which results in insecure connections.