[ https://issues.apache.org/jira/browse/DIRSTUDIO-263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12678889#action_12678889 ]
Marius Scurtescu commented on DIRSTUDIO-263:
--------------------------------------------
Adding proper certificate exception handling when validation fails is probably
a large job; this is why this feature gets postponed. Is that correct?

As an intermediate step maybe the validation can still be done and the
validation error shown, then proceed as usual regardless. But at least you are
warned that validation failed.

Please make sure that the hostname is also validated. AFAIK this is not done by
default and must be done explicitly in JNDI, at least for LDAPS; not sure about
StartTLS.

See this thread for some details:
http://forums.sun.com/thread.jspa?messageID=10629641
> Add certificate validation for ldaps and StartTLS
> -------------------------------------------------
>
> Key: DIRSTUDIO-263
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-263
> Project: Directory Studio
> Issue Type: Improvement
> Components: studio-dsml-parser
> Reporter: Stefan Seelmann
> Assignee: Stefan Seelmann
> Priority: Minor
>
> We have encrypted connections using ldaps:// or the StartTLS extended
> operation, but the certificate isn't validated as we always use a
> DummySSLSocketFactory.