[ https://issues.apache.org/jira/browse/DIRAPI-69?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13191977#comment-13191977 ]

Pierre-Arnaud Marcelot commented on DIRAPI-69:
----------------------------------------------

Hi Daniel,

Have you tried implementing a javax.net.ssl.X509TrustManager and assigning it 
to the org.apache.directory.ldap.client.api.LdapConnectionConfig.setTrustManagers(TrustManager...) method?

I know it's working when accessing the servers using LDAPS but I'm not sure 
it's used during the StartTLS operation though.

FYI, we provide a default implementation 
org.apache.directory.ldap.client.api.NoVerificationTrustManager which trusts 
the given certificates without verifying them (and logs as debug the received 
certificates).

> startTLS hostname verification
> ------------------------------
>
>                 Key: DIRAPI-69
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-69
>             Project: Directory Client API
>          Issue Type: Improvement
>            Reporter: Daniel Fisher
>
> The current API does not have any features for controlling hostname 
> verification. In addition, it appears that *no* hostname verification occurs 
> by default. See RFC 2830 section 3.6

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
