OpenDJ / OPENDJ-4751

Certificate should not be prompted twice

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0
    • Fix Version/s: 6.0.0
    • Component/s: tools
    • Flagged: Impediment

      Description

      Found using OpenDJ 6.0.0 rev f573eca56aa

      Scenario
      1. install a server and create an LDAPS connection handler with a keystore containing a certificate with a wrong hostname
      2. do an ldapsearch on this server and verify that we get a message indicating that the server is invalid

      $ opendj/bin/ldapsearch -p 1639 -P /tmp/java-client-truststore.jks -T truststorepass -D "cn=Directory Manager" -w password -b dc=com -s base -Z "objectclass=*"
      
      Server Certificate:
      
      User DN  : CN=*.wrong.forgerock.com, O=Forgerock, C=FR
      Validity : From 'Tue Feb 06 17:29:08 CET 2018'
                   To 'Fri Feb 04 17:29:08 CET 2028'
      Issuer   : CN=*.root-ca.forgerock.com, O=Forgerock, C=FR
      
      
      
      Do you trust this server certificate?
      
        1) No
        2) Yes, for this session only
        3) View certificate details
      
      Enter choice: [2]: 2
      2
      
      
      The certificate 'CN=*.wrong.forgerock.com, O=Forgerock, C=FR' is not trusted
      for the following reason: No name matching micmac.local found
      
      Server Certificate:
      
      User DN  : CN=*.wrong.forgerock.com, O=Forgerock, C=FR
      Validity : From 'Tue Feb 06 17:29:08 CET 2018'
                   To 'Fri Feb 04 17:29:08 CET 2028'
      Issuer   : CN=*.root-ca.forgerock.com, O=Forgerock, C=FR
      
      
      
      Do you trust this server certificate?
      
        1) No
        2) Yes, for this session only
        3) View certificate details
      
      Enter choice: [2]:
      

      ==> we should not have to trust the certificate twice here

      To reproduce the issue:

      $ ./run-pybot.py -s badssl_group.ldaptools -t Ldapsearch_wronghost -v -n DJ
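The transcript above shows the same server certificate, refused for the same reason (no name matching micmac.local), being offered to the user twice. The Python below is an added illustration, not OpenDJ's code, and makes no claim about how the tools implement their prompt: it models the behaviour the report asks for. It implements RFC 6125 style hostname matching, which reproduces the mismatch between CN=*.wrong.forgerock.com and micmac.local, and a prompt whose "Yes, for this session only" answer is remembered by certificate fingerprint, so a second verification of the same server in the same session never asks again. ServerCert, SessionTrustStore, simulate_session, the prompt callback and the certificate bytes are all constructed for the example.

```python
"""Session-scoped "Do you trust this server certificate?" prompt.

A hostname-mismatch decision is remembered per certificate fingerprint, so the
user is asked once per session. Added illustration, not OpenDJ's own code; the
certificates and the prompt callback are constructed stand-ins.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ServerCert:
    subject: str                     # RFC 4514 DN string, as the tool prints it
    issuer: str
    der: bytes                       # constructed stand-in for the DER encoding
    dns_names: Tuple[str, ...] = ()  # subjectAltName dNSName entries, if any

    def fingerprint(self) -> str:
        # Key decisions by the hash of the certificate bytes, not by subject DN,
        # so a different certificate with the same DN cannot reuse an old answer.
        return hashlib.sha256(self.der).hexdigest()

    def cn(self) -> Optional[str]:
        for rdn in self.subject.split(","):
            attr, _, value = rdn.strip().partition("=")
            if attr.strip().upper() == "CN":
                return value.strip()
        return None


def hostname_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style match: at most one wildcard, only as the whole left-most
    label, matching exactly one label, and never against a public suffix
    (the pattern must keep at least two literal labels)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    plabels, hlabels = pattern.split("."), host.split(".")
    if plabels[0] != "*" or len(plabels) < 3 or len(plabels) != len(hlabels):
        return False  # partial-label wildcards (f*.example.com) are rejected too
    return plabels[1:] == hlabels[1:]


def verify_hostname(cert: ServerCert, host: str) -> Optional[str]:
    """Return None when the certificate names the host, else the reason text.
    The CN is only consulted when the certificate carries no dNSName SAN."""
    names: Tuple[str, ...] = cert.dns_names or ((cert.cn(),) if cert.cn() else ())
    if any(hostname_matches(name, host) for name in names):
        return None
    return f"No name matching {host} found"


class SessionTrustStore:
    """Prompts once per certificate and remembers the answer for the session."""

    def __init__(self, prompt: Callable[[ServerCert, str], bool]) -> None:
        self.prompt = prompt          # returns True for "Yes, for this session only"
        self.decisions: Dict[str, bool] = {}
        self.prompt_count = 0

    def check(self, cert: ServerCert, host: str) -> bool:
        reason = verify_hostname(cert, host)
        if reason is None:
            return True               # names match: nothing to ask
        fp = cert.fingerprint()
        if fp in self.decisions:
            return self.decisions[fp]  # same cert, same session: no second prompt
        self.prompt_count += 1
        answer = self.prompt(cert, reason)
        self.decisions[fp] = answer   # a refusal is remembered as well
        return answer


# Constructed certificate mirroring the one in the report (no SAN, wildcard CN).
WRONG_HOST_CERT = ServerCert(
    subject="CN=*.wrong.forgerock.com, O=Forgerock, C=FR",
    issuer="CN=*.root-ca.forgerock.com, O=Forgerock, C=FR",
    der=b"constructed-der-bytes-for-the-wrong-host-certificate",
)


def simulate_session(host: str = "micmac.local", connections: int = 2,
                     accept: bool = True) -> Tuple[List[bool], int]:
    """Verify the same server `connections` times in one session; return the
    per-verification outcome and how many times the user was prompted."""
    store = SessionTrustStore(lambda cert, reason: accept)
    results = [store.check(WRONG_HOST_CERT, host) for _ in range(connections)]
    return results, store.prompt_count


if __name__ == "__main__":
    print(verify_hostname(WRONG_HOST_CERT, "micmac.local"))
    print(simulate_session())
```

Running the module prints the mismatch reason from the report and `([True, True], 1)`: two verifications of the same server, one prompt. A certificate that does name the host (for example ldap.wrong.forgerock.com) is accepted without any prompt, and a refusal is cached the same way as an acceptance.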
      

              People

              • Assignee: Yannick Lecaillez (ylecaillez)
              • Reporter: Christophe Sovant (csovant)
              • QA Assignee: Viktor Nawrath
              • Votes: 0
              • Watchers: 2
