[jira] [Commented] (DIRSERVER-1857) Allow registration of an LdapsInitializer at the LdapServer

["Emmanuel Lecharny (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/DIRSERVER-1857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13683235#comment-13683235 ] 

Emmanuel Lecharny commented on DIRSERVER-1857:
----------------------------------------------

You are absolutely right. The fact that we initialize the SSLContext with a NoVerificationTrustManager is bad.

We will see what we can do to improve this situation, but I think it's just a matter of adding an accessor in the LdapServer to get back the configured TrustManager.
                
> Allow registration of an LdapsInitializer at the LdapServer
> -----------------------------------------------------------
>
>                 Key: DIRSERVER-1857
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1857
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>    Affects Versions: 2.0.0-M12
>            Reporter: Achim Willems
>
> Due to a BSI directive we need mutual authentication for SSL/TLS connections. BSI (Bundesamt für Sicherheit in der Informationstechnik) is a german governmental organization. This means, that we cannot ignore this directive.
> The current implementation of org.apache.directory.server.ldap.LdapServer uses the static method org.apache.directory.server.ldap.handlers.ssl.LdapsInitializer.init to initialize the SSL communication.
> It would be helpful to have an LdapsInitializer interface with a default implementation (i.e. the current implementation is the default) and the possibility to register this interface at the LdapServer.
> We then could implement our own version of the initializer to establish the necessary behaviour.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira