Nelson,
In the Solaris 10 patch that Sun released on Tuesday, Sept 23, 2008, the JAVA LDAP JDK has been updated. (http://sunsolve.sun.com/search/document.do?assetkey=1-34-10-1)
Patch 119725-04 updated Java LDAP to 4.18
Patch 119725-05 updated Java LDAP to 4.20
Patch 119725-06 updated Java LDAP to 4.21 (in the release from Tuesday)
It also includes a patch, 116837-03, to the LDAP C SDK library to version 5.18.
The patch, 119213-17, includes NSS 3.11.9, NSPR 4.7, and JSS 4.2.6.
david.
>To: [email protected]
>From: Nelson Bolyard <[EMAIL PROTECTED]>
>Sent by: [EMAIL PROTECTED]
>Date: 09/25/2008 12:38PM
>Subject: Re: Where is the recent Java LDAP-SSL code?
>
>Rich Megginson wrote, On 2008-09-24 19:00:
>> Nelson Bolyard wrote:
>>> The Java LDAP SSL code in java-sdk/ldapjdk/netscape/ldap on the
>trunk
>>> is very old, dating back to 2002, and bearing the tag
>LDAPJavaSDK_418.
>>>
>>>
>http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/directory/java-sd
>k/ldapjdk/netscape/ldap/factory/JSSSocketFactory.java&rev=1.3&mark=14
>6#129
>>>
>>>
>http://bonsai.mozilla.org/cvsgraph.cgi?file=mozilla/directory/java-sd
>k/ldapjdk/netscape/ldap/factory/JSSSocketFactory.java
>>>
>>> Is that the latest version?
>> Yes.
>
>> That's the latest that I know of. I'm not aware of anything later.
> I
>> think there might be a couple of patches in bugzilla that might
>have
>> made it to HEAD.
>>
>>> Or are some vendors shipping private newer versions of it?
>>
>> Not that I know of. I think jpackage.org has 4.17 or 4.18, which
>are
>> the versions included with various versions of Red Hat Enterprise
>Linux,
>> Fedora, and some other linux distros. That's also the version we
>> include with the Red Hat (ex-Netscape) server products.
>
>Thanks, Rich,
>
>The question to which I am ultimately trying to get is:
>Does this Java LDAP SDK support SSL client authentication with
>client
>certificates?
>And my conclusion at this time is: no, it does not.
>
>I base that on these observations.
>1. There are exactly two ways to do SSL client authentication with
>certificates using JSS. They are:
>
>a) Supplying a certApprovalCallback as an argument to the SSLSocket
>constructor, which this SDK does not do, as seen at
>http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/directory/java-sd
>k/ldapjdk/netscape/ldap/factory/JSSSocketFactory.java&rev=1.3&mark=14
>6#129
>
>b) Calling either of the following two methods on the SSLSocket
>object
>before doing the handshake:
>setClientCertNickname
>setClientCert
>Based on the content of this page:
>http://mxr.mozilla.org/mozilla/search?string=setClientCert&find=ldapj
>dk
>I conclude that the ldapjdk does not do that, either.
>
>So, based on the above observations, I conclude that this Java LDAP
>SDK
>has no support for SSL client authentication with certificates.
>
>Rich, Do you concur with that conclusion?
>_______________________________________________
>dev-tech-ldap mailing list
>[email protected]
>https://lists.mozilla.org/listinfo/dev-tech-ldap
_______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
