Rich Megginson wrote, On 2008-09-26 13:17:
> Nelson Bolyard wrote:

>> http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/directory/java-sdk/ldapjdk/netscape/ldap/factory/JSSSocketFactory.java&rev=1.3&mark=146#129

>> So, based on the above observations, I conclude that this Java LDAP SDK
>> has no support for SSL client authentication with certificates.
>>
>> Rich, Do you concur with that conclusion?
> 
> The Cert System team suggests otherwise.  They claim to be using 
> ldapjdk/jss with client cert auth.  As you probably know, the cert 
> system is now open source.
> http://pki.fedoraproject.org/wiki/PKI_Main_Page
> 
> Here is the file that implements ldap client cert auth:
> https://pki.fedoraproject.org/svn/pki/trunk/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java

Thanks, Rich,

After getting past that self-signed cert :( I found that the cited file
is actually a REPLACEMENT class for the ldapjdk's JSSSocketFactory class.
I gather that by replacing this one small class from ldapjdk, the rest of
ldapjdk is able to do SSL with client auth.

I'll bet others have done something similar, or have modified ldapjdk's
JSSSocketFactory class for their own purposes.

This leads to a question.  If I produced a modification to the ldapjdk's
JSSSocketFactory class that gave it the missing client auth features,
who would act as the module owner of that module, and review and approve
(or disapprove :) the change?
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
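To make concrete what "replacing this one small class" means, here is an added illustration (not ldapjdk's JSSSocketFactory and not the Cert System's LdapJssSSLSocketFactory) of an LDAPSocketFactory that hands ldapjdk a JSS SSLSocket configured to present a client certificate. The class name ClientAuthSocketFactory is hypothetical. It assumes the JSS API as I recall it (the six-argument SSLSocket constructor, setUseClientMode, setClientCertNickname, forceHandshake) and that CryptoManager.initialize(...) has already opened the NSS database holding the certificate and key; check the signatures against the JSS release in use.

```java
import java.io.IOException;
import java.net.Socket;

import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSocketFactory;

import org.mozilla.jss.ssl.SSLSocket;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;

/*
 * Hypothetical LDAPSocketFactory (added example, not project code).
 * ldapjdk only cares that makeSocket() returns a connected java.net.Socket,
 * so swapping in this factory gives the rest of the SDK client-auth TLS
 * without touching any other class. Assumes CryptoManager is initialised.
 */
public class ClientAuthSocketFactory implements LDAPSocketFactory {

    private final String clientCertNickname;              // nickname in the NSS db
    private final SSLCertificateApprovalCallback approval; // null = JSS default checks

    public ClientAuthSocketFactory(String clientCertNickname,
                                   SSLCertificateApprovalCallback approval) {
        this.clientCertNickname = clientCertNickname;
        this.approval = approval;
    }

    public Socket makeSocket(String host, int port) throws LDAPException {
        try {
            // No interactive cert selection callback: the nickname is pinned below.
            SSLSocket s = new SSLSocket(host, port, null, 0, approval,
                                        (SSLClientCertificateSelectionCallback) null);
            s.setUseClientMode(true);
            // The piece the stock ldapjdk factory lacks: name the certificate
            // (and matching private key) to send when the server asks for it.
            s.setClientCertNickname(clientCertNickname);
            // Complete the handshake now so a cert problem surfaces at connect
            // time rather than on the first LDAP operation.
            s.forceHandshake();
            return s;
        } catch (IOException e) {
            throw new LDAPException("SSL connect to " + host + ":" + port
                                    + " failed: " + e.getMessage(),
                                    LDAPException.CONNECT_ERROR);
        }
    }

    // Usage: supply the factory to LDAPConnection; everything else is stock ldapjdk.
    public static LDAPConnection connect(String host, int port, String nick)
            throws LDAPException {
        LDAPConnection ld = new LDAPConnection(new ClientAuthSocketFactory(nick, null));
        ld.connect(host, port);
        // The client identity is now established at the TLS layer; mapping it to
        // an LDAP identity (e.g. a SASL EXTERNAL bind) is a separate step.
        return ld;
    }
}
```

Passing a null approval callback leaves server certificate verification to JSS's defaults against the NSS trust database; a custom SSLCertificateApprovalCallback is only needed if you want to tighten or log that decision, never to loosen it.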