You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/09/09 16:10:00 UTC

[jira] [Created] (DIRSERVER-2328) CreateAuthenticator annotation trust manager improvements

Colm O hEigeartaigh created DIRSERVER-2328:
----------------------------------------------

             Summary: CreateAuthenticator annotation trust manager improvements
                 Key: DIRSERVER-2328
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2328
             Project: Directory ApacheDS
          Issue Type: Task
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 2.0.0.AM27


There are two problems with the CreateAuthenticator annotation trust manager configuration:
 # delegateSslTrustManagerFQCN + delegateTlsTrustManagerFQCN default to NoVerificationTrustManager, which is not secure.
 # These values are not plugged through to the DelegatingAuthenticator, which hard-codes NoVerificationTrustManager.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org