[ https://issues.apache.org/jira/browse/DIRAPI-91?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13470111#comment-13470111 ]
Emmanuel Lecharny commented on DIRAPI-91:
-----------------------------------------
Hmmm, I think that Raphaël is right here.
The way we initialize the TM is not necessarily good:
    public LdapConnectionConfig()
    {
        setDefaultTrustManager();
    }

    /**
     * sets the default trust manager based on the SunX509 trustManagement algorithm
     */
    private void setDefaultTrustManager()
    {
        String trustMgmtAlgo = "SunX509";

        try
        {
            TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo );
            tmFactory.init( KeyStore.getInstance( KeyStore.getDefaultType() ) );
            ...
I'd rather use what Raphaël is proposing, and remove the hard-coded "SunX509"
value.
> Use SUN default TrustManager
> ----------------------------
>
> Key: DIRAPI-91
> URL: https://issues.apache.org/jira/browse/DIRAPI-91
> Project: Directory Client API
> Issue Type: Improvement
> Affects Versions: 1.0.0-M11, 1.0.0-M12
> Reporter: Raphaël Ouazana
>
> I want to connect to an OpenLDAP directory with LDAPS.
> With JNDI, I just need to modify the common keystore, or to add a specific
> one with javax.net.ssl.trustStore.
> With DIRAPI, I need to provide a TrustManager (which I eventually can
> initialize with SUN one).
> I suggest initializing the default TrustManager to the SUN one. This can be done
> in LdapConnectionConfig by replacing:
>     TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo );
>     tmFactory.init( KeyStore.getInstance( KeyStore.getDefaultType() ) );
> with:
>     TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>     tmFactory.init((KeyStore)null);
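An added example, not part of the JIRA thread or of the Directory API code base: it builds a TrustManagerFactory both ways discussed above and reports how many CA certificates each resulting X509TrustManager accepts, so the two initializations can be compared on a given JVM. The class name `DefaultTrustManagerDemo` and the helper `acceptedIssuers` are hypothetical.

```java
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical demo class (added example, not Directory API code).
public class DefaultTrustManagerDemo
{
    /**
     * Returns the number of CA certificates accepted by the first X509TrustManager
     * the factory produces, 0 if it produces none, or -1 if setup fails
     * (for example because the algorithm name is unknown to the installed providers).
     */
    static int acceptedIssuers( String algorithm, KeyStore keyStore )
    {
        try
        {
            TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( algorithm );
            tmFactory.init( keyStore );

            for ( TrustManager tm : tmFactory.getTrustManagers() )
            {
                if ( tm instanceof X509TrustManager )
                {
                    return ( ( X509TrustManager ) tm ).getAcceptedIssuers().length;
                }
            }
            return 0;
        }
        catch ( Exception e )
        {
            System.out.println( "  setup failed: " + e );
            return -1;
        }
    }

    public static void main( String[] args ) throws Exception
    {
        // As in the quoted LdapConnectionConfig code: hard-coded algorithm name and a
        // KeyStore object that was created but never load()ed, so it holds no trust anchors.
        KeyStore unloaded = KeyStore.getInstance( KeyStore.getDefaultType() );
        System.out.println( "SunX509 + unloaded KeyStore : " + acceptedIssuers( "SunX509", unloaded ) );

        // As proposed in the issue: provider default algorithm and a null KeyStore, which makes
        // the JSSE factory fall back to javax.net.ssl.trustStore or the JRE's default trust store.
        String defaultAlgo = TrustManagerFactory.getDefaultAlgorithm();
        System.out.println( defaultAlgo + " + null KeyStore : " + acceptedIssuers( defaultAlgo, null ) );
    }
}
```

Running it with `-Djavax.net.ssl.trustStore=<path>` pointing at a custom trust store changes only the second figure, which is the JNDI-like behaviour the reporter asks for.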