Added checking if certificate validation is disabled for s2s when using SASL EXTERNAL. JM-604

git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@3599 b35dd754-fafc-0310-a699-88a17e54d16e

Added checking if certificate validation is disabled for s2s when using SASL EXTERNAL. JM-604
git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@3599 b35dd754-fafc-0310-a699-88a17e54d16e
38a671e8 · Gaston Dombiak · gato · 692d9aaf · 38a671e8
Commit 38a671e8 authored Mar 21, 2006 by Gaston Dombiak Committed by gato Mar 21, 2006
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

SASLAuthentication.java ...ava/org/jivesoftware/wildfire/net/SASLAuthentication.java +11 -0

No files found.
--- a/src/java/org/jivesoftware/wildfire/net/SASLAuthentication.java
+++ b/src/java/org/jivesoftware/wildfire/net/SASLAuthentication.java
@@ -301,6 +301,17 @@ public class SASLAuthentication {
        if (hostname != null  && hostname.length() > 0) {
            hostname = StringUtils.decodeBase64(hostname);
+            // Check if cerificate validation is disabled for s2s
+            if (session instanceof IncomingServerSession) {
+                // Flag that indicates if certificates of the remote server should be validated.
+                // Disabling certificate validation is not recommended for production environments.
+                boolean verify =
+                        JiveGlobals.getBooleanProperty("xmpp.server.certificate.verify", true);
+                if (!verify) {
+                    authenticationSuccessful(hostname);
+                    return true;
+                }
+            }
            // Check that hostname matches the one provided in a certificate
            for (Certificate certificate : connection.getSSLSession().getPeerCertificates()) {
                if (TLSStreamHandler.getPeerIdentities((X509Certificate) certificate)