changeset 1818:9583b6a8e412
8200666: Improve LDAP support
Reviewed-by: chegar
author | rpatil |
---|---|
date | Fri, 08 Jun 2018 07:54:59 -0700 |
parents | fd8651a3b753 |
children | 015385190f06 |
files | src/share/classes/com/sun/jndi/ldap/Connection.java |
diffstat | 1 files changed, 30 insertions(+), 1 deletions(-) [+] |
--- a/src/share/classes/com/sun/jndi/ldap/Connection.java Sat Mar 17 14:14:23 2018 -0700
+++ b/src/share/classes/com/sun/jndi/ldap/Connection.java Fri Jun 08 07:54:59 2018 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -43,8 +43,11 @@
 import java.lang.reflect.Method;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Arrays;
 import sun.misc.IOUtils;
+import sun.security.ssl.SSLSocketImpl;
 //import javax.net.SocketFactory;
 /**
@@ -157,6 +160,23 @@
 volatile boolean useable = true; // is Connection still useable
 private int readTimeout;
+ private static final boolean IS_HOSTNAME_VERIFICATION_DISABLED
+ = hostnameVerificationDisabledValue();
+
+ private static boolean hostnameVerificationDisabledValue() {
+ PrivilegedAction<String> act = new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return System.getProperty(
+ "com.sun.jndi.ldap.object.disableEndpointIdentification");
+ }
+ };
+ String prop = AccessController.doPrivileged(act);
+ if (prop == null) {
+ return false;
+ }
+ return prop.isEmpty() ? true : Boolean.parseBoolean(prop);
+ }
 // true means v3; false means v2
 // Called in LdapClient.authenticate() (which is synchronized)
@@ -366,6 +386,15 @@
 }
 }
+ if (!IS_HOSTNAME_VERIFICATION_DISABLED) {
+ if (socket instanceof SSLSocketImpl) {
+ boolean enabled = ((SSLSocketImpl)socket).trySetHostnameVerification("LDAPS");
+ if (debug) {
+ System.out.println("Connection: enabling endpoint identification: " + enabled);
+ }
+ }
+ }
+
 return socket;
 }
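Review bot: `IS_HOSTNAME_VERIFICATION_DISABLED` and `hostnameVerificationDisabledValue()` in the `@@ -157,6 +160,23 @@` hunk carry no comment, although together they form the switch that turns LDAPS endpoint identification off. Two behaviours should be stated next to the constant: the property is read once, when `Connection` is initialised, so a later `System.setProperty` call has no effect, and an empty value counts as true, so a bare `-Dcom.sun.jndi.ldap.object.disableEndpointIdentification` disables the check. I would add `// Read once at class initialisation; an empty or "true" value disables LDAPS hostname verification for all connections made through this class.` above the field. As a style point, the last return can be written `return prop.isEmpty() || Boolean.parseBoolean(prop);`.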
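Review bot: The block added in the `@@ -366,6 +386,15 @@` hunk fails open in two ways: a socket that is not a `sun.security.ssl.SSLSocketImpl` skips endpoint identification without any trace, and a `false` result from `trySetHostnameVerification("LDAPS")` is only printed under `debug` before the socket is returned anyway. In both cases the server certificate's hostname is presumably never checked, so I would report them outside the `debug` guard and, preferably, close the socket and throw when `enabled` is false. The dependency on the internal `SSLSocketImpl` class (imported in the `@@ -43,8 +43,11 @@` hunk) also deserves a comment such as `// Only the JDK's own SSLSocketImpl is covered; other SSLSocket implementations are returned without hostname verification.`. The enclosing method starts outside the hunk, so its throws clause and the way `socket` is created are not visible here.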