Posted to dev@directory.apache.org by "Marius Scurtescu (JIRA)" <ji...@apache.org> on 2009/03/04 21:09:56 UTC

[jira] Commented: (DIRSTUDIO-263) Add certificate validation for ldaps and StartTLS

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12678889#action_12678889 ] 

Marius Scurtescu commented on DIRSTUDIO-263:
--------------------------------------------

Adding proper certificate exception handling when validation fails is probably a large job; this is why this feature gets postponed. Is that correct?

As an intermediate step maybe the validation can still be done and the validation error shown, then proceed as usual regardless. But at least you are warned that validation failed.

Please make sure that the hostname is also validated; AFAIK this is not done by default and must be done explicitly in JNDI, at least for LDAPS; not sure about StartTLS.

See this thread for some details:
http://forums.sun.com/thread.jspa?messageID=10629641

> Add certificate validation for ldaps and StartTLS
> -------------------------------------------------
>
>                 Key: DIRSTUDIO-263
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-263
>             Project: Directory Studio
>          Issue Type: Improvement
>          Components: studio-dsml-parser
>            Reporter: Stefan Seelmann
>            Assignee: Stefan Seelmann
>            Priority: Minor
>
> We have encrypted connections using ldaps:// or the StartTLS extended operation, but the certificate isn't validated as we always use a DummySSLSocketFactory.
