[SERVER-58851] Add custom certificate validation for Windows LDAP connections
| Created: | 26/Jul/21 | Updated: | 06/Dec/22 |
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Mark Benvenuto | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Assigned Teams: | Server Security |

Description

Windows provides an option, LDAP_OPT_SERVER_CERTIFICATE, to configure how the server certificate is verified on LDAP connections. A callback hook will be set that calls the existing SSLManagerWindows::parseAndValidatePeerCertificate. The Windows LDAP code will create an instance of SSLManagerWindows for its private use, to load all the necessary certificates and initialize the structures needed to build certificate chains.