@@ -856,7 +856,6 @@ public class ConnectionListener
*
* @return true when self-signed certificates are accepted, otherwise false.
*/
// TODO add setter!
publicbooleanacceptSelfSignedCertificates()
{
// TODO these are new properties! Deprecate (migrate?) all existing 'accept-selfsigned properties' (Eg: org.jivesoftware.openfire.session.ConnectionSettings.Server.TLS_ACCEPT_SELFSIGNED_CERTS )
...
...
@@ -873,13 +872,34 @@ public class ConnectionListener
}
}
/**
* Configuresif self-signed peer certificates can be used to establish an encrypted connection.
*
* @param accept true when self-signed certificates are accepted, otherwise false.
Log.debug("Ignoring self-signed certificate acceptance policy change request (to '{}'): listener already in this state.",accept);
return;
}
Log.debug("Changing self-signed certificate acceptance policy from '{}' to '{}'.",oldValue,accept);
restart();
}
/**
* A boolean that indicates if the current validity of certificates (based on their 'notBefore' and 'notAfter'
* property values) is used when they are used to establish an encrypted connection..
*
* @return true when certificates are required to be valid to establish a secured connection, otherwise false.
*/
// TODO add setter!
publicbooleanverifyCertificateValidity()
{
// TODO these are new properties! Deprecate (migrate?) all existing 'verify / verify-validity properties' (Eg: org.jivesoftware.openfire.session.ConnectionSettings.Server.TLS_CERTIFICATE_VERIFY_VALIDITY )
...
...
@@ -896,6 +916,29 @@ public class ConnectionListener
}
}
/**
* Configures if the current validity of certificates (based on their 'notBefore' and 'notAfter' property values) is
* used when they are used to establish an encrypted connection..
*
* @param verify true when certificates are required to be valid to establish a secured connection, otherwise false.
webManager.logEvent("Updated connection settings for "+connectionType,"Applied configuration to plain-text as well as legacy-mode connection listeners.");
...
...
@@ -239,6 +247,23 @@
<br/>
<h4>Certificate chain checking</h4>
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<tablecellpadding="3"cellspacing="0"border="0">
<trvalign="middle">
<td>
<inputtype="checkbox"name="plaintext-accept-self-signed-certificates"id="plaintext-accept-self-signed-certificates"${plaintextConfiguration.acceptSelfSignedCertificates?'checked':''}/><labelfor="plaintext-accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
</td>
</tr>
<trvalign="middle">
<td>
<inputtype="checkbox"name="plaintext-verify-certificate-validity"id="plaintext-verify-certificate-validity"${plaintextConfiguration.verifyCertificateValidity?'checked':''}/><labelfor="plaintext-verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<tablecellpadding="3"cellspacing="0"border="0">
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-accept-self-signed-certificates"id="legacymode-accept-self-signed-certificates"${legacymodeConfiguration.acceptSelfSignedCertificates?'checked':''}/><labelfor="legacymode-accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
</td>
</tr>
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-verify-certificate-validity"id="legacymode-verify-certificate-validity"${legacymodeConfiguration.verifyCertificateValidity?'checked':''}/><labelfor="legacymode-verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>
// final int plaintextListenerMaxThreads = ParamUtils.getIntParameter( request, "plaintext-maxThreads", plaintextConfiguration.getMaxThreadPoolSize() );
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<tablecellpadding="3"cellspacing="0"border="0">
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-accept-self-signed-certificates"id="legacymode-accept-self-signed-certificates"${legacymodeConfiguration.acceptSelfSignedCertificates?'checked':''}/><labelfor="legacymode-accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
</td>
</tr>
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-verify-certificate-validity"id="legacymode-verify-certificate-validity"${legacymodeConfiguration.verifyCertificateValidity?'checked':''}/><labelfor="legacymode-verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>