[OAK-9519] TlsGuardingConnection doesn't do a TLS handshake on reused connections - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.22.6
Fix Version/s: 1.8.25, 1.42.0, 1.6.22, 1.22.9
Component/s: auth-ldap
Labels:
None

Description

With Oak 1.22.6, org.apache.directory.api.api-all received a major version update. With the previous version, the method LdapNetworkConnection#startTls() failed when called more than once on the same connection. As a workaround we used the derived class TlsGuardingConnection which prevented this. With the new version, not only LdapNetworkConnection#startTls() may be called multiple times, but also has to be called when a connection from the pool is reused. TlsGuardingConnection doesn't do this, which results in insecure connections.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OAK-9519.patch
29/Jul/21 22:37
2 kB
Manfred Baedke

Issue Links

is related to

OAK-9533 oak-auth-ldap has no TLS or SSL test coverage at all

Resolved

relates to

OAK-8769 oak-auth-ldap pom needs maintenance

Closed

Activity

People

Assignee:: Manfred Baedke

Reporter:: Manfred Baedke

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Jul/21 22:32

Updated:: 11/Oct/21 07:29

Resolved:: 22/Sep/21 22:31