[
https://issues.apache.org/jira/browse/DIRAPI-69?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13197201#comment-13197201
]
Daniel Fisher commented on DIRAPI-69:
-------------------------------------
I was able to get the functionality I wanted with the current API (M9). Namely,
I wanted both the default certificate trust manager and a hostname verification
trust manager. Configuring multiple trust managers is made more difficult due
to the fact that SSLContext#init() accepts an array, but only uses the first
entry in the array. So in addition to coding a custom trust manager you also
have to code a trust manager that effectively wraps and delegates to all the
trust managers you want to use. Nevertheless, it's possible so you can resolve
this issue.
I do think it's worth noting that no hostname verification occurs by default
for startTLS and this is a violation of RFC 2830 section 3.6. You may want to
consider adding a trust manager to conform.
> startTLS hostname verification
> ------------------------------
>
> Key: DIRAPI-69
> URL: https://issues.apache.org/jira/browse/DIRAPI-69
> Project: Directory Client API
> Issue Type: Improvement
> Reporter: Daniel Fisher
>
> The current API does not have any features for controlling hostname
> verification. In addition, it appears that *no* hostname verification occurs
> by default. See RFC 2830 section 3.6
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
