From 54d6d3fed0bf3440b0adcc0ac3f18e3f0d132900 Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Tue, 20 May 2014 14:41:00 +0000
Subject: [PATCH] CR-3572 Fix for OPENDJ-1462: Describe how to use SSL correctly

---
 src/main/docbkx/dev-guide/chap-authenticating.xml |   29 ++++++++++++++++-------------
 1 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/src/main/docbkx/dev-guide/chap-authenticating.xml b/src/main/docbkx/dev-guide/chap-authenticating.xml
index 7d555f3..a50223d 100644
--- a/src/main/docbkx/dev-guide/chap-authenticating.xml
+++ b/src/main/docbkx/dev-guide/chap-authenticating.xml
@@ -104,28 +104,31 @@
   factory in order to set an SSL context, and set whether to use Start TLS.
   The SSL context lets you set a trust manager to check server certificates,
   and also set a key manager to provide keys when the server needs to check
-  your client certificates. In the simplest, not-so-secure case, you can
-  set up a trust manager that trusts all certificates.</para>
+  your client certificates.</para>
   
   <para>The following example is an excerpt from the OpenDJ LDAP SDK example,
   <filename>SimpleAuth.java</filename>.</para>
   
   <programlisting language="java"
-  >[jcp:org.forgerock.opendj.examples.SimpleAuth:--- JCite trust all ---]</programlisting>
+  >[jcp:org.forgerock.opendj.examples.SimpleAuth:--- JCite trust options ---]</programlisting>
   
-  <para>A more secure and extensive SSL context would include a trust manager
-  using a trust store and trust manager methods to check server certificates.
-  If you also want to be able to authenticate to the server using your client
-  certificate, you would need a key manager.</para>
+  <para>
+   This implementation relies on a Java Key Store format trust store,
+   and trust manager methods to check server certificates.
+   If you also want to be able to authenticate to the server
+   using your client certificate, then you would need a key manager, too.
+  </para>
   
-  <para>The authentication over SSL or using Start TLS in the trust-all case is
-  much like simple authentication over LDAP without connection-level security.
-  The primary differences are that you pass the <literal>LDAPOptions</literal>
-  to the LDAP connection factory, and that you handle the potential security
-  exception involved in setting up the SSL context.</para>
+  <para>
+   The authentication over SSL or using Start TLS is
+   much like simple authentication over LDAP without connection-level security.
+   The primary differences are that you pass the <literal>LDAPOptions</literal>
+   to the LDAP connection factory, and that you handle the potential security
+   exception involved in setting up the SSL context.
+  </para>
   
   <programlisting language="java"
-  >[jcp:org.forgerock.opendj.examples.SimpleAuth:--- JCite trust all connect ---]</programlisting>
+  >[jcp:org.forgerock.opendj.examples.SimpleAuth:--- JCite secure connect ---]</programlisting>
 
   <para>For a complete example in context, see <link
   xlink:href="http://opendj.forgerock.org/opendj-ldap-sdk-examples/xref/org/forgerock/opendj/examples/SimpleAuth.html"
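Review bot: Both programlisting changes in this hunk point at new JCite markers, "--- JCite trust options ---" and "--- JCite secure connect ---", yet the diffstat lists only chap-authenticating.xml, so please confirm that SimpleAuth.java already carries those markers, otherwise the citations will not resolve. In the new paragraph after the first listing, "This implementation relies on a Java Key Store format trust store" does not tell the reader where that trust store comes from. Consider adding a sentence on how the server certificate gets into it and how the example is pointed at the file. Because the marker is named "trust options" and the "not-so-secure" trust-all sentence was dropped from the opening paragraph, the text should also say so explicitly if the cited excerpt still contains a trust-all branch, so readers know it is not meant for production use.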

--
Gitblit v1.10.0