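--- a/icedtea-3.8.0/openjdk/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java
+++ b/icedtea-3.8.0/openjdk/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java
@@ -27,26 +27,27 @@
 
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
-import java.io.InterruptedIOException;
 import java.io.IOException;
-import java.io.OutputStream;
 import java.io.InputStream;
+import java.io.InterruptedIOException;
+import java.io.OutputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.net.Socket;
-import javax.net.ssl.SSLSocket;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.Arrays;
 
 import javax.naming.CommunicationException;
-import javax.naming.ServiceUnavailableException;
-import javax.naming.NamingException;
 import javax.naming.InterruptedNamingException;
-
+import javax.naming.NamingException;
+import javax.naming.ServiceUnavailableException;
 import javax.naming.ldap.Control;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSocket;
 
-import java.lang.reflect.Method;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
-import java.util.Arrays;
 import sun.misc.IOUtils;
-//import javax.net.SocketFactory;
 
 /**
 * A thread that creates a connection to an LDAP server.
@@ -159,7 +160,18 @@
 
 int readTimeout;
 int connectTimeout;
+ private static final boolean IS_HOSTNAME_VERIFICATION_DISABLED
+ = hostnameVerificationDisabledValue();
 
+ private static boolean hostnameVerificationDisabledValue() {
+ PrivilegedAction<String> act = () -> System.getProperty(
+ "com.sun.jndi.ldap.object.disableEndpointIdentification");
+ String prop = AccessController.doPrivileged(act);
+ if (prop == null) {
+ return false;
+ }
+ return prop.isEmpty() ? true : Boolean.parseBoolean(prop);
+ }
 // true means v3; false means v2
 // Called in LdapClient.authenticate() (which is synchronized)
 // when connection is "quiet" and not shared; no need to synchronize
@@ -368,11 +380,17 @@
 // the SSL handshake following socket connection as part of the timeout.
 // So explicitly set a socket read timeout, trigger the SSL handshake,
 // then reset the timeout.
- if (connectTimeout > 0 && socket instanceof SSLSocket) {
+ if (socket instanceof SSLSocket) {
 SSLSocket sslSocket = (SSLSocket) socket;
 int socketTimeout = sslSocket.getSoTimeout();
-
+ if (!IS_HOSTNAME_VERIFICATION_DISABLED) {
+ SSLParameters param = sslSocket.getSSLParameters();
+ param.setEndpointIdentificationAlgorithm("LDAPS");
+ sslSocket.setSSLParameters(param);
+ }
+ if (connectTimeout > 0) {
 sslSocket.setSoTimeout(connectTimeout); // reuse full timeout value
+ }
 sslSocket.startHandshake();
 sslSocket.setSoTimeout(socketTimeout);
 }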