[
https://issues.apache.org/jira/browse/DIRAPI-69?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17123912#comment-17123912
]
Natan Abolafya commented on DIRAPI-69:
--------------------------------------
Hi,
I noticed the issue now, 8 years after it was reported :). It's non-negotiable
for us to not have hostname verification so I've been looking to work around it
but didn't manage yet. When I create my own TrustManager and debug it, I see it
lands in
{color:#9e880d}@Override
{color}{color:#0033b3}public void
{color}{color:#00627a}checkServerTrusted{color}({color:#000000}X509Certificate{color}[]
chain, {color:#000000}String {color}authType, {color:#000000}SSLEngine
{color}engine) {color:#0033b3}throws {color}{color:#000000}CertificateException
{color}{
But the SSLEngine object is not something I managed to verify. I can't find
neither the hostname/ip used nor the certificates in it.
Do you have any tips to work with this? https://xkcd.com/979/
Thanks.
> API does not allow StartTLS hostname verification
> -------------------------------------------------
>
> Key: DIRAPI-69
> URL: https://issues.apache.org/jira/browse/DIRAPI-69
> Project: Directory Client API
> Issue Type: Improvement
> Affects Versions: 1.0.0-M9
> Reporter: Daniel Fisher
> Assignee: Pierre-Arnaud Marcelot
> Priority: Major
> Fix For: 3.0.0
>
>
> The current API does not have any features for controlling hostname
> verification. In addition, it appears that *no* hostname verification occurs
> by default. See RFC 2830 section 3.6
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
