OpenDJ / OPENDJ-4750

Missing message to indicate that the certificate presented by the server is expired or untrusted

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0
    • Fix Version/s: 6.0.0
    • Component/s: tools
    • Flagged:
      Impediment

      Description

      Found using OpenDJ 6.0.0 rev f573eca56aa

      Scenario
      1. Install a server and create an LDAPS connection handler with a keystore containing an expired certificate.
      2. Run an ldapsearch against this server and verify that we have a message to indicate that the certificate is expired.

      $ opendj/bin/ldapsearch -p 1638 -P /tmp/java-client-truststore.jks -T truststorepass -D "cn=Directory Manager" -w password -b dc=com -s base -Z "objectclass=*"
      
      Server Certificate:
      
      User DN  : CN=micmac.local, O=Forgerock, C=FR
      Validity : From 'Wed Jan 17 11:20:30 CET 2018'
                   To 'Thu Jan 18 11:20:30 CET 2018'
      Issuer   : CN=*.root-ca.forgerock.com, O=Forgerock, C=FR
      
      
      
      Do you trust this server certificate?
      
        1) No
        2) Yes, for this session only
        3) View certificate details
      
      Enter choice: [2]: 2
      2
      
      dn: dc=com
      objectClass: top
      objectClass: domain
      dc: com
      

      ==> the server is correctly displayed but we should have a message to indicate that the server is expired, something like:

      "The certificate '...' is not trusted for the following reason: NotAfter: Thu Jan 18 11:20:30 CET 2018"
      

      ==> we have the same problem with an untrusted cert

      To reproduce the issue:

      $ ./run-pybot.py -s badssl_group.ldaptools -t Ldapsearch_expired -v -n DJ
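
The check the report asks the trust prompt to surface, as an added example (not OpenDJ code and not part of the original report): it collects the reasons a server certificate fails validation, using the JDK's own exception text (`NotAfter: <date>` for an expired certificate). The class name `CertTrustReasons`, the method `reasons`, the command-line arguments and the `"ECDHE_RSA"` auth type are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical helper (not OpenDJ code): explains why a server certificate is not trusted. */
public class CertTrustReasons {

    /** Returns one entry per distinct problem; an empty set means the certificate validated. */
    static Set<String> reasons(X509Certificate cert, KeyStore trustStore, Date now) throws Exception {
        Set<String> out = new LinkedHashSet<>();
        try {
            cert.checkValidity(now); // explicit date check, independent of the trust store contents
        } catch (CertificateException e) {
            out.add(String.valueOf(e.getMessage())); // JDK text, e.g. "NotAfter: <date>"
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                // "ECDHE_RSA" is an assumed key-exchange name; use the one actually negotiated.
                ((X509TrustManager) tm).checkServerTrusted(new X509Certificate[] {cert}, "ECDHE_RSA");
            } catch (CertificateException e) {
                Throwable root = e; // the root cause carries the specific reason
                while (root.getCause() != null) root = root.getCause();
                out.add(String.valueOf(root.getMessage()));
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java CertTrustReasons <server-cert.pem> <truststore.jks> <truststore-password>
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[1])) { ts.load(in, args[2].toCharArray()); }
        for (String r : reasons(cert, ts, new Date()))
            System.out.println("The certificate '" + cert.getSubjectX500Principal()
                    + "' is not trusted for the following reason: " + r);
    }
}
```

Printing these reasons before the "Do you trust this server certificate?" prompt lets the operator see why validation failed before choosing to accept the certificate for the session.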
      

              People

              • Assignee:
                ylecaillez Yannick Lecaillez
                Reporter:
                csovant Christophe Sovant
                QA Assignee:
                Viktor Nawrath