Allow duplicate peer certification validation to be skipped


Openfire supports "mutual authentication", in which the PKIX certificate of the peer (either clients, or remote XMPP servers) is used as credentials (as opposed to a more traditional username/password).

When mutual authentication occurs, validation of the certificate happens on the TLS layer - in MINA, mostly. Later, the EXTERNAL SASL mechanism is used to authenticate/authorize the user represented by the credentials in the certificate.

In existing code, the validity and correctness of the provided certificate is checked in various places. Although this arguably is prudent (better safe than sorry), it does consume resources, and duplicates execution paths, which makes customization complex

It's desirable to introduce an option that allows an administrator to skip all surplus certificate validation.


Your pinned fields
Click on the next to a field label to start pinning.


Guus der Kinderen


Guus der Kinderen