From d2f8eac230a525a06a4659a66c38eb26139fa735 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Tue, 27 Mar 2007 20:13:00 +0000
Subject: [PATCH] Update the LDAP connection handler so that it only attempts to verify the key manager provider and trust manager provider values if either SSL or StartTLS is enabled.  Previously, if a key/trust manager provider value was provided, then the server would require it to refer to a valid enabled key/trust manager provider, even if it wouldn't be used.  Also, add a new check to ensure that if SSL or StartTLS is enabled, then a valid key manager provider and trust manager provider must have been configured for that connection handler.

---
 opends/src/server/org/opends/server/messages/ProtocolMessages.java |   32 ++++++++++++++++++++++++++++++++
 1 files changed, 32 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/messages/ProtocolMessages.java b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
index cb18329..bd0ad25 100644
--- a/opends/src/server/org/opends/server/messages/ProtocolMessages.java
+++ b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -4359,6 +4359,28 @@
 
 
   /**
+   * The message ID for the message that will be used if either SSL or StartTLS
+   * support is enabled but no key manager provider is configured for the
+   * connection handler.  This takes a single argument, which is the DN of the
+   * connection handler configuration entry.
+   */
+  public static final int MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN =
+       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_SEVERE_ERROR | 402;
+
+
+
+  /**
+   * The message ID for the message that will be used if either SSL or StartTLS
+   * support is enabled but no trust manager provider is configured for the
+   * connection handler.  This takes a single argument, which is the DN of the
+   * connection handler configuration entry.
+   */
+  public static final int MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN =
+       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_SEVERE_ERROR | 403;
+
+
+
+  /**
    * Associates a set of generic messages with the message IDs defined in this
    * class.
    */
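Review bot: The two new constants MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN and MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN have no consumer in this patch — the diffstat lists only ProtocolMessages.java, while the subject describes the SSL/StartTLS key and trust manager check in the LDAP connection handler, so the enforcing change presumably lands in a separate commit and should be cross-referenced from this one (the same applies to the registrations in the second hunk). The numeric suffixes 402 and 403 must be unique among the MSGID_* values in this file; that cannot be confirmed from the hunk alone and is worth a quick grep before merge. Also worth confirming that a trust manager provider is genuinely mandatory whenever SSL or StartTLS is enabled, even for handlers that never request a client certificate — if it is optional in that mode, SEVERITY_MASK_SEVERE_ERROR on the second constant is stricter than the Javadoc's wording implies.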
@@ -5523,6 +5545,16 @@
                     "operation.  These options may not be used at the same " +
                     "time, so clients will not be allowed to use the " +
                     "StartTLS operation.");
+    registerMessage(MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN,
+                    "The LDAP connection handler defined in configuration " +
+                    "entry %s is configured to use either SSL or StartTLS, " +
+                    "but does not specify which key manager provider should " +
+                    "be used.");
+    registerMessage(MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN,
+                    "The LDAP connection handler defined in configuration " +
+                    "entry %s is configured to use either SSL or StartTLS, " +
+                    "but does not specify which trust manager provider " +
+                    "should be used.");
     registerMessage(MSGID_LDAP_CONNHANDLER_CANNOT_DETERMINE_ALLOW_STARTTLS,
                     "An unexpected error occurred while processing the " +
                     ATTR_ALLOW_STARTTLS + " attribute in configuration entry " +
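Review bot: Both new message texts report that the handler is `configured to use either SSL or StartTLS`, which leaves the operator to work out which of the two options actually triggered the error; if the caller can tell, consider naming it, e.g. `"entry %s has SSL or StartTLS enabled, but does not specify which key manager provider should be used."` for the first and the matching wording for the second, so the remedy (set the provider DN on the handler entry) is immediately clear. The `%s` is the configuration entry DN, which matches the single-argument contract in the constants' Javadoc, so no secret material is placed in the message. The enclosing registerMessages method starts and ends outside this hunk.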

--
Gitblit v1.10.0