Rich Megginson wrote, On 2008-09-24 19:00:
> Nelson Bolyard wrote:
>> The Java LDAP SSL code in java-sdk/ldapjdk/netscape/ldap on the trunk
>> is very old, dating back to 2002, and bearing the tag LDAPJavaSDK_418.
>>
>> http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/directory/java-sdk/ldapjdk/netscape/ldap/factory/JSSSocketFactory.java&rev=1.3&mark=146#129
>>
>> http://bonsai.mozilla.org/cvsgraph.cgi?file=mozilla/directory/java-sdk/ldapjdk/netscape/ldap/factory/JSSSocketFactory.java
>>
>> Is that the latest version?
> Yes.
> That's the latest that I know of. I'm not aware of anything later. I
> think there might be a couple of patches in bugzilla that might have
> made it to HEAD.
>
>> Or are some vendors shipping private newer versions of it?
>
> Not that I know of. I think jpackage.org has 4.17 or 4.18, which are
> the versions included with various versions of Red Hat Enterprise Linux,
> Fedora, and some other linux distros. That's also the version we
> include with the Red Hat (ex-Netscape) server products.

Thanks, Rich,

The question to which I am ultimately trying to get is:
Does this Java LDAP SDK support SSL client authentication with client
certificates?

And my conclusion at this time is: no, it does not.
I base that on these observations.

1. There are exactly two ways to do SSL client authentication with
certificates using JSS. They are:

a) Supplying a certApprovalCallback as an argument to the SSLSocket
constructor, which this SDK does not do, as seen at
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/directory/java-sdk/ldapjdk/netscape/ldap/factory/JSSSocketFactory.java&rev=1.3&mark=146#129

b) Calling either of the following two methods on the SSLSocket object
before doing the handshake:
    setClientCertNickname
    setClientCert
Based on the content of this page:
http://mxr.mozilla.org/mozilla/search?string=setClientCert&find=ldapjdk
I conclude that the ldapjdk does not do that, either.

So, based on the above observations, I conclude that this Java LDAP SDK
has no support for SSL client authentication with certificates.

Rich, Do you concur with that conclusion?
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
