Hi John-
Yes, you can do this with a little code stubbing for your unit test.
WARNING: Do not ship any of these dummy test classes to production or other
operational environments.
1. Create a dummy ssl socket factory class
2. Create a test class that extends the ActiveMQ LDAPLoginModule and override
the openContext method
3. Pass an environment variable to the LDAP InitialDirContext pointing to your
custom dummy ssl socket factory class:
env.put ("java.naming.ldap.factory.socket",
NonVerifyingSSLSocketFactory.class.getName ());
4. Run tests using dummy ssl and localhost
ActiveMQ LDAPLoginModule openContext method:
https://github.com/apache/activemq/blob/4ff78ddab993d62408c8e63ce63a63d5757fe039/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java#L482
Stack overflow:
https://stackoverflow.com/questions/52600211/how-to-programmatically-disable-certificate-hostname-verification-in-java-ldap-j
Thanks,
Matt Pavlovich
> On Oct 21, 2024, at 3:53 AM, John, Richard <richard.john@c
> apgemini.com.INVALID> wrote:
>
> Good morning.
>
> Is it possible to disable SSL certificate verification checks (just for test
> purposes) - specifically the checks against SANs in the certificate - for
> LDAPS calls via the LDAPLoginModule?
>
> Thanks
>
> ________________________________
>
> Capgemini is a trading name used by the Capgemini Group of companies which
> includes Capgemini UK plc, a company registered in England and Wales (number
> 943935) whose registered office is at No. 1, Forge End, Woking, Surrey, GU21
> 6DB.
> This message contains information that may be privileged or confidential and
> is the property of the Capgemini Group. It is intended only for the person to
> whom it is addressed. If you are not the intended recipient, you are not
> authorized to read, print, retain, copy, disseminate, distribute, or use this
> message or any part thereof. If you receive this message in error, please
> notify the sender immediately and delete all copies of this message.
