Skip to content

O
Openfire
Switch branch/tag
History Find file
  • Dave Cridland's avatar
    OF-405 : Perform proper path validation on certificate chains · 78e4eff7
    Dave Cridland authored 
    What this patch actually does is place existing certificates into a CertStore,
including those from its (untrusted) keystore, the trust store, and any from
the chain supplied by the peer, and then rebuild a chain back to a known trust
anchor (from the trust store).

This strategy will cope with unknown ICAs in chains, abbreviated chains, and so
on, and replaces attempts to specifically handle self-signed certificates.

That last said, there is an explicit shortcut to handle self-signed certificates
which are supplied as end-entity certificates. These are simply checked against
the trust store without any attempt to build a path.
    78e4eff7
Name
Last commit
 Last update
..
admin Loading commit data...
audit Loading commit data...
auth Loading commit data...
carbons Loading commit data...
clearspace Loading commit data...
cluster Loading commit data...
commands Loading commit data...
component Loading commit data...
container Loading commit data...
crowd Loading commit data...
disco Loading commit data...
entitycaps Loading commit data...
event Loading commit data...
filetransfer Loading commit data...
forms Loading commit data...
forward Loading commit data...
group Loading commit data...
handler Loading commit data...
http Loading commit data...
interceptor Loading commit data...
launcher Loading commit data...
ldap Loading commit data...
lockout Loading commit data...
mediaproxy Loading commit data...
muc Loading commit data...
multiplex Loading commit data...
net Loading commit data...
nio Loading commit data...
pep Loading commit data...
privacy Loading commit data...
pubsub Loading commit data...
resultsetmanager Loading commit data...
roster Loading commit data...
sasl Loading commit data...
security Loading commit data...
server Loading commit data...
session Loading commit data...
spi Loading commit data...
starter Loading commit data...
stats Loading commit data...
transport Loading commit data...
update Loading commit data...
user Loading commit data...
vcard Loading commit data...
webdav Loading commit data...
Channel.java Loading commit data...
ChannelHandler.java Loading commit data...
ChannelNotFoundException.java Loading commit data...
Connection.java Loading commit data...
ConnectionCloseListener.java Loading commit data...
ConnectionManager.java Loading commit data...
FlashCrossDomainHandler.java Loading commit data...
IQHandlerInfo.java Loading commit data...
IQRouter.java Loading commit data...
JMXManager.java Loading commit data...
LocalSessionManager.java Loading commit data...
MessageRouter.java Loading commit data...
MulticastRouter.java Loading commit data...
OfflineMessage.java Loading commit data...
OfflineMessageListener.java Loading commit data...
OfflineMessageStore.java Loading commit data...
OfflineMessageStrategy.java Loading commit data...
PacketDeliverer.java Loading commit data...
PacketException.java Loading commit data...
PacketRouter.java Loading commit data...
PresenceManager.java Loading commit data...
PresenceRouter.java Loading commit data...
PrivateStorage.java Loading commit data...
RemoteConnectionFailedException.java Loading commit data...
RemotePacketRouter.java Loading commit data...
RoutableChannelHandler.java Loading commit data...
RoutingTable.java Loading commit data...
ServerPort.java Loading commit data...
SessionManager.java Loading commit data...
SessionNotFoundException.java Loading commit data...
SessionPacketRouter.java Loading commit data...
SessionResultFilter.java Loading commit data...
SharedGroupException.java Loading commit data...
StreamID.java Loading commit data...
StreamIDFactory.java Loading commit data...
XMPPContextListener.java Loading commit data...
XMPPServer.java Loading commit data...
XMPPServerInfo.java Loading commit data...
XMPPServerListener.java Loading commit data...

Technounit-GROUP 2023