[EMAIL PROTECTED] wrote:
> This is sort of a follow-on to Mike's message of last Sept. 12.
> It, and Bug 352673 discussion, led us to be able to have our
> applications handle new certificates being created while the apps are
> running. We detect the INVALID_CREDENTIALS error and call:
>     ldap_unbind_s()
>     ldapssl_shutdown() (which calls SSL_ClearSessionCache() and
>       NSS_Shutdown())
> ...and re-initialize, and everybody's happy - in our C++ world.
> ____________________
>
> Now we need to accomplish the same thing in our Java apps, but
> can't seem to make them let go of and re-fetch certificates.
> We connect with:
>     jsf = new JSSSocketFactory(certDir)
>     conn = new LDAPConnection(jsf)
>     conn.connect()
>     conn.authenticate(), using EXTERNAL mechanism
>
> After re-creating certificates while running, on the
> INVALID_CREDENTIALS error, we call:
>     connection.disconnect()
>       (which calls LDAPConnThread::deregister() and thus
>       sendUnbindRequest() )
>     SSLServerSocket.clearSessionCache()
> ...and re-initialize as in the beginning.
> But, we continue to get INVALID_CREDENTIALS errors.
> I'm guessing we're not cleaning up enough before re-initializing,
> but don't know what else to try (e.g. can't find a Java handle to an
> NSS_Shutdown() call, as in C)

If the ldapjdk doesn't provide a way to do this, then you might be able to call JSS directly. Try mozilla.dev.tech.crypto where the JSS developers hang out.

>
> Thanks for any help.
>
> Steve
>
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
