Diffstat (limited to 'java/ssl/jdk1.4/IceSSL/Instance.java')
-rw-r--r-- | java/ssl/jdk1.4/IceSSL/Instance.java | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/java/ssl/jdk1.4/IceSSL/Instance.java b/java/ssl/jdk1.4/IceSSL/Instance.java
index 0aaf8c22b31..b1794c64765 100644
--- a/java/ssl/jdk1.4/IceSSL/Instance.java
+++ b/java/ssl/jdk1.4/IceSSL/Instance.java
@@ -18,6 +18,7 @@ class Instance
 _securityTraceLevel = communicator.getProperties().getPropertyAsIntWithDefault("IceSSL.Trace.Security", 0);
 _securityTraceCategory = "Security";
 _initialized = false;
+ _trustManager = new TrustManager(communicator);
 //
 // Register the endpoint factory. We have to do this now, rather than
@@ -581,22 +582,32 @@ class Instance
 }
 }
- if(_verifier != null)
+ if(!_trustManager.verify(info))
 {
- if(!_verifier.verify(info))
+ String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by trust manager\n" +
+ IceInternal.Network.fdToString(fd);
+ if(_securityTraceLevel >= 1)
 {
- String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier\n" +
- IceInternal.Network.fdToString(fd);
+ _logger.trace(_securityTraceCategory, msg);
+ }
+ Ice.SecurityException ex = new Ice.SecurityException();
+ ex.reason = msg;
+ throw ex;
+ }
- if(_securityTraceLevel > 0)
- {
- _logger.trace(_securityTraceCategory, msg);
- }
+ if(_verifier != null && !_verifier.verify(info))
+ {
+ String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier\n" +
+ IceInternal.Network.fdToString(fd);
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = msg;
- throw ex;
+ if(_securityTraceLevel > 0)
+ {
+ _logger.trace(_securityTraceCategory, msg);
 }
+
+ Ice.SecurityException ex = new Ice.SecurityException();
+ ex.reason = msg;
+ throw ex;
 }
 }
@@ -728,4 +739,5 @@ class Instance
 private String[] _protocols;
 private boolean _checkCertName;
 private CertificateVerifier _verifier;
+ private TrustManager _trustManager;
 } |
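Review bot: The new trust-manager rejection path in the second hunk is a copy of the certificate-verifier path below it, and the two already spell the trace threshold differently (`_securityTraceLevel >= 1` against `_securityTraceLevel > 0`), so a later edit to one is likely to miss the other. Folding both into one private helper that builds the message, traces it and throws would keep the two rejections identical in everything but the name of the check; a sketch follows. A short comment above the first `if` should state that both checks must pass and that the trust manager runs before the application's `CertificateVerifier`, since that order decides which rejection appears in the trace. Because `IceSSL.Trace.Security` defaults to 0 in the constructor hunk, neither rejection is written to the log under default settings and the only record is `ex.reason`, which is worth stating in that comment. The enclosing method begins and ends outside this hunk.

```java
// … unchanged: earlier checks in the enclosing method …
if(!_trustManager.verify(info))
{
    rejectConnection(incoming, "trust manager", IceInternal.Network.fdToString(fd));
}

if(_verifier != null && !_verifier.verify(info))
{
    rejectConnection(incoming, "certificate verifier", IceInternal.Network.fdToString(fd));
}
// … unchanged: remainder of the enclosing method …

// New private helper in class Instance: single place for message, trace and throw.
private void rejectConnection(boolean incoming, String rejectedBy, String peerDesc)
{
    String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by " + rejectedBy + "\n" + peerDesc;
    if(_securityTraceLevel >= 1)
    {
        _logger.trace(_securityTraceCategory, msg);
    }
    Ice.SecurityException ex = new Ice.SecurityException();
    ex.reason = msg;
    throw ex;
}
```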