On 11/26/12 5:28 AM, Nick Duan wrote:
> Thanks a lot for all your responses. I am sorry to hear that client
> authentication using X.509 cert isn't implemented in Apache DS. Is there
> any plan to implement this in future releases?

Yes, definitely.

> Could someone perhaps point
> out which class/package in ApacheDS is responsible for handling the SSL
> connection?

This is not that simple...

SSL is handled in two places in the server:

1) In MINA (the network layer) when you use LDAPS
2) In the apacheds/protocol-ldap module, in the StartTlsHandler class when you use StartTLS instead of LDAPS.

All the handshake is done by MINA. Currently we only use the NoVerificationTrustManager class, so it accepts all the incoming clients. We certainly want to improve this area.

I have created a JIRA for that FYI.

--
Regards, Cordialement,
Emmanuel Lécharny
www.iktek.com
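
The contrast between a trust manager that accepts every client, as the message above describes, and one that validates client certificates against a set of CAs, as an added example that is not part of the original thread and is not ApacheDS or MINA code. It uses only the JDK's JSSE API; the class and method names and the trust-store path and password arguments are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ClientCertTrustDemo {

    // Weak setting: every check is a no-op, so any client chain is accepted.
    static final X509TrustManager ACCEPT_ALL = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    // Corrected setting: path validation against the CAs held in the trust store.
    static X509TrustManager verifying(KeyStore trustedCas) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustedCas);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Server-side engine that requires a client certificate in the handshake.
    static SSLEngine serverEngine(X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Key managers left null to keep the example short; a real server supplies its key pair.
        ctx.init(null, new TrustManager[] { tm }, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // without this the client is never asked for a certificate
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: trust store with the client-issuing CAs, args[1]: its password (assumptions)
        KeyStore cas = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            cas.load(in, args[1].toCharArray());
        }
        X509TrustManager tm = verifying(cas);
        SSLEngine engine = serverEngine(tm);
        System.out.println("trusted issuers: " + tm.getAcceptedIssuers().length);
        System.out.println("need client auth: " + engine.getNeedClientAuth());
    }
}
```

Requiring client authentication on the engine is not enough on its own: paired with `ACCEPT_ALL`, the server requests a certificate but accepts whatever chain the client presents.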