We're updating the issue view to help you get more done. 

Allow duplicate peer certification validation to be skipped

Description

Openfire supports "mutual authentication", in which the PKIX certificate of the peer (either clients, or remote XMPP servers) is used as credentials (as opposed to a more traditional username/password).

When mutual authentication occurs, validation of the certificate happens on the TLS layer - in MINA, mostly. Later, the EXTERNAL SASL mechanism is used to authenticate/authorize the user represented by the credentials in the certificate.

In existing code, the validity and correctness of the provided certificate is checked in various places. Although this arguably is prudent (better safe than sorry), it does consume resources, and duplicates execution paths, which makes customization complex

It's desirable to introduce an option that allows an administrator to skip all surplus certificate validation.

Environment

None

Acceptance Test - Entry

None
Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Fix versions

Priority

Minor
Configure