opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java
@@ -741,7 +741,7 @@ */ public boolean useSSL() { if (useSSLArg.isPresent()) if (useSSLArg.isPresent() || alwaysSSL()) { return true; } opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java
@@ -439,10 +439,7 @@ } ci = new LDAPConnectionConsoleInteraction(this, argParser.getSecureArgsList()); ci.setDisplayLdapIfSecureParameters( !argParser.isInitializeAllReplicationSubcommand() && !argParser.isPreExternalInitializationSubcommand() || !argParser.isPostExternalInitializationSubcommand()); ci.setDisplayLdapIfSecureParameters(false); } if (returnValue == SUCCESSFUL_NOP) { opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
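Review bot: The constant `ci.setDisplayLdapIfSecureParameters(false);` carries no comment saying why dsreplication never enables this option. The expression it replaces mixed `&&` and `||` without parentheses, so the original intent cannot be read from the history either. Judging only by the setter's name, it decides whether a plain-LDAP choice is shown next to the secure ones. A one-line comment would record the decision, for example `// replication sessions never offer the plain LDAP choice` (adjust to the real reason). The enclosing method starts and ends outside the hunk.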
@@ -929,11 +929,16 @@ } } } if (e.getRootCause() != null) { if (e.getRootCause().getCause() != null) { if (e.getRootCause() != null) { if (e.getRootCause().getCause() != null && !ci.isTrustStoreInMemory() && !ci.isTrustAll()) { if (((e.getRootCause().getCause() instanceof OpendsCertificateException)) || (e.getRootCause() instanceof SSLHandshakeException)) { (e.getRootCause() instanceof SSLHandshakeException)) { Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_NOT_TRUSTED.get( hostName, String.valueOf(portNumber)); @@ -941,7 +946,8 @@ LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message); } } if (e.getRootCause() instanceof SSLException) { if (e.getRootCause() instanceof SSLException) { Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_WRONG_PORT.get( hostName, String.valueOf(portNumber)); opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
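Review bot: With the added `!ci.isTrustStoreInMemory() && !ci.isTrustAll()` guard in the first hunk, an `SSLHandshakeException` raised while trust-all or the in-memory trust store is active appears to skip the not-trusted branch and reach the `e.getRootCause() instanceof SSLException` check below, because `SSLHandshakeException` is a subclass of `SSLException`. The user would then get the wrong-port message for what may be a certificate or handshake failure, which hides a trust problem behind a misleading diagnosis. Consider handling the handshake case explicitly before the generic check, or at least record the intent with a comment such as `// trust-all / in-memory store: handshake failures fall through to the generic SSL error below`. The page has lost its +/- markers and the enclosing method starts and ends outside the hunk, so confirm the nesting against the file.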
@@ -97,6 +97,9 @@ // Indicate if the truststore in in memory private boolean trustStoreInMemory = false; // Indicate if the all certificates are accepted private boolean trustAll = false; // Indicate that the trust manager was created with the parameters provided private boolean trustManagerInitialized; @@ -282,6 +285,9 @@ this.app = app; this.secureArgsList = secureArgs; this.commandBuilder = new CommandBuilder(null); this.useSSL = secureArgs.useSSL(); this.useStartTLS = secureArgs.useStartTLS(); this.trustAll = secureArgs.trustAllArg.isPresent(); copySecureArgsList = new SecureConnectionCliArgs(secureArgs.alwaysSSL()); try { @@ -343,7 +349,6 @@ || secureArgsList.keyStorePasswordFileArg.isPresent() ); // Get the LDAP host. hostName = secureArgsList.hostNameArg.getValue(); final String tmpHostName = hostName; @@ -403,6 +408,8 @@ useStartTLS = secureArgsList.useStartTLS(); boolean connectionTypeIsSet = ( secureArgsList.alwaysSSL() || secureArgsList.useSSLArg.isPresent() || secureArgsList.useStartTLSArg.isPresent() @@ -826,6 +833,8 @@ ); boolean askForTrustStore = false; trustAll = secureArgsList.trustAllArg.isPresent(); // Try to use the local instance trustore, to avoid certifacte validation // when both the CLI and the server are in the same instance. if (weDontKnowTheTrustMethod) { @@ -866,6 +875,7 @@ if (result.getValue().equals(TrustMethod.TRUSTALL.getChoice())) { commandBuilder.addArgument(copySecureArgsList.trustAllArg); trustAll = true; // If we have the trustALL flag, don't do anything // just return null return null; @@ -1437,6 +1447,15 @@ } /** * Indicate if all certificates must be accepted. * * @return true all certificates must be accepted. */ public boolean isTrustAll() { return this.trustAll; } /** * Indicate if the certificate chain can be trusted. * * @param chain The certificate chain to validate
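Review bot: The new `trustAll` flag and its `isTrustAll()` accessor do not document that `true` means server certificate validation is skipped. The flag is assigned in three places: the constructor, the refresh `trustAll = secureArgsList.trustAllArg.isPresent();` in the hunk at -826, and the interactive `TrustMethod.TRUSTALL` branch. Callers in ConsoleApplication now use it to decide how a failed connection is reported. The Javadoc line `@return true all certificates must be accepted.` is missing a word, and could read `@return {@code true} if server certificates are accepted without validation, either from the trust-all argument or from the interactive choice.` The field comment could likewise read `// Indicates whether all server certificates are accepted without validation`. It would also help to state beside the field that the interactive choice stays set until the next refresh from the arguments.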