Felix,

On 3/10/15 1:46 PM, Felix Schumacher wrote:
> Am 05.03.2015 um 20:39 schrieb Violeta Georgieva:
>> Hi,
>>
>> I plan to start preparing 7.0.60 for voting.
>>
>> If you want to add something to this release please reply here.
> I am not sure about adding one thing. In the new starttls jndi-realm
> extension I have made one decision about, which I am more and more
> unsure about.
> 
> When setting the hostname verifier or the ssl socket factory fails, the
> realm will emit a warning and continue using the default setting.
> 
> Should the realm throw an error instead?

I think whenever security is at stake, failure to enforce the
more-secure rules should be fatal.

In this case, does the hostname verifier represent an increase or
decrease in security? I've seen hostname verifiers replaced with ones
that allow anything (just return true) and failing to set that could be
considered a warning and not a failure.

But if the user is instead setting something more stringent, failure
should cause the Realm to fail to start up IMO.

It might be hard to tell the user's intentions, so perhaps always
failing catastrophically would be a better policy.

-chris
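As an added illustration of the fail-closed policy argued for above (example code written here, not Tomcat's JNDIRealm or anything from the thread), the helper below shows the two behaviours side by side: a "warn and continue" loader that falls back to the JDK default hostname verifier when the configured class cannot be applied, and a fail-closed loader that refuses to start instead. The class name `TlsOptionLoader`, the `ConfigurationException` type and the constructed class name `com.example.NoSuchVerifier` are assumptions made for the example.

```java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper (not Tomcat code): turns the string-valued options an
// administrator configures into the objects a realm needs for its TLS
// connection, contrasting a lenient and a fail-closed error policy.
public final class TlsOptionLoader {

    /** Thrown when a configured TLS option cannot be applied. */
    public static final class ConfigurationException extends Exception {
        public ConfigurationException(String msg, Throwable cause) {
            super(msg, cause);
        }
    }

    // Lenient variant, as described in the thread: log a warning and keep
    // running with the default verifier. The administrator's intent is lost
    // and the deployment silently differs from what was configured.
    static HostnameVerifier loadVerifierOrDefault(String className, HostnameVerifier fallback) {
        try {
            return instantiate(className, HostnameVerifier.class);
        } catch (ReflectiveOperationException | ClassCastException e) {
            System.err.println("WARN: could not set hostname verifier '" + className
                    + "', continuing with the default: " + e);
            return fallback;
        }
    }

    // Fail-closed variant: an option that was explicitly configured but cannot
    // be honoured aborts start-up, so the misconfiguration is visible at once.
    static HostnameVerifier loadVerifierOrFail(String className) throws ConfigurationException {
        try {
            return instantiate(className, HostnameVerifier.class);
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new ConfigurationException(
                    "Cannot apply configured hostname verifier '" + className + "'", e);
        }
    }

    // Same fail-closed policy for the socket factory option.
    static SSLSocketFactory loadSocketFactoryOrFail(String className) throws ConfigurationException {
        try {
            return instantiate(className, SSLSocketFactory.class);
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new ConfigurationException(
                    "Cannot apply configured SSL socket factory '" + className + "'", e);
        }
    }

    // Loads a class by name and instantiates it through its no-arg constructor.
    // Any reflective failure or wrong type surfaces as an exception to the caller.
    private static <T> T instantiate(String className, Class<T> type)
            throws ReflectiveOperationException {
        Class<?> clazz = Class.forName(className);
        Object instance = clazz.getDeclaredConstructor().newInstance();
        return type.cast(instance); // ClassCastException if it is not a T
    }

    public static void main(String[] args) {
        // Constructed input: a class name that does not exist on the classpath.
        String bogus = "com.example.NoSuchVerifier";

        HostnameVerifier v = loadVerifierOrDefault(bogus,
                HttpsURLConnection.getDefaultHostnameVerifier());
        System.out.println("warn-and-continue started with: " + v.getClass().getName());

        try {
            loadVerifierOrFail(bogus);
            System.out.println("unexpected: fail-closed loader succeeded");
        } catch (ConfigurationException e) {
            System.out.println("fail-closed refused to start: " + e.getMessage());
        }
    }
}
```

The point of the contrast is the one made in the reply above: the lenient loader cannot know whether the option it drops was meant to tighten or loosen verification, so the only policy that never silently weakens a deployment is to treat the failure as fatal.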
