[
https://issues.apache.org/jira/browse/DIRAPI-91?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13470110#comment-13470110
]
Kiran Ayyagari commented on DIRAPI-91:
--------------------------------------
Ok, now I see that we don't use NoVerificationTrustManager by default in code,
but to the one initialized based on "SunX509" algorithm and an empty KeyStore.
I will commit a fix. Thank you.
> Use SUN default TrustManager
> ----------------------------
>
> Key: DIRAPI-91
> URL: https://issues.apache.org/jira/browse/DIRAPI-91
> Project: Directory Client API
> Issue Type: Improvement
> Affects Versions: 1.0.0-M11, 1.0.0-M12
> Reporter: Raphaƫl Ouazana
>
> I want to connect to an OpenLDAP directory with LDAPS.
> With JNDI, I just need to modify the common keystore, or to add a specific
> one with javax.net.ssl.trustStore.
> With DIRAPI, I need to provide a TrustManager (which I eventually can
> initialize with SUN one).
> I suggest to initialize the default TrustManager to SUN one. This can be done
> in LdapConnectionConfig by replacing:
> TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(
> trustMgmtAlgo );
> tmFactory.init( KeyStore.getInstance( KeyStore.getDefaultType() )
> );
> with:
> TrustManagerFactory tmFactory =
> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> tmFactory.init((KeyStore)null);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
