[jira] [Commented] (OAK-9519) TlsGuardingConnection doesn't do a TLS handshake on reused connections

Manfred Baedke (Jira) Tue, 28 Sep 2021 06:21:09 -0700


    [ 
https://issues.apache.org/jira/browse/OAK-9519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17421383#comment-17421383
 ]


Manfred Baedke commented on OAK-9519:
-------------------------------------

Added test case: 
https://github.com/apache/jackrabbit-oak/commit/bd0526a24f221413976281ccbb0df95170fccc76.

> TlsGuardingConnection doesn't do a TLS handshake on reused connections
> ----------------------------------------------------------------------
>
>                 Key: OAK-9519
>                 URL: https://issues.apache.org/jira/browse/OAK-9519
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: auth-ldap
>    Affects Versions: 1.22.6
>            Reporter: Manfred Baedke
>            Assignee: Manfred Baedke
>            Priority: Major
>              Labels: candidate_oak_1_22, candidate_oak_1_6, candidate_oak_1_8
>             Fix For: 1.42.0
>
>         Attachments: OAK-9519.patch
>
>
> With Oak 1.22.6, org.apache.directory.api.api-all received a major version 
> update. With the previous version, the method 
> LdapNetworkConnection#startTls() failed when called more than once on the 
> same connection. As a workaround we used the derived class 
> TlsGuardingConnection which prevented this. With the new version, not only 
> LdapNetworkConnection#startTls() may be called multiple times, but also has 
> to be called when a connection from the pool is reused. TlsGuardingConnection 
> doesn't do this, which results in insecure connections.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (OAK-9519) TlsGuardingConnection doesn't do a TLS handshake on reused connections

Reply via email to