Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/05/30 16:13:47 UTC

[jira] [Resolved] (WSS-278) verifyTrust in Crypto should use CRLs as well

     [ https://issues.apache.org/jira/browse/WSS-278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved WSS-278.
-------------------------------------

    Resolution: Fixed


Fixed. Please see this blog entry for more details:

http://coheigea.blogspot.com/2011/05/crl-support-in-wss4j-161.html

Colm.

> verifyTrust in Crypto should use CRLs as well
> ---------------------------------------------
>
>                 Key: WSS-278
>                 URL: https://issues.apache.org/jira/browse/WSS-278
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 1.6
>         Environment: all
>            Reporter: Marcin Markiewicz
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.6.1
>
>
> The trust chain is validated without checking the CRLs. It is done this way because Merlin does not check the CRLs either. But it could be done by using CertPathValidator with proper parameters:
> java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(...);
> params.setRevocationEnabled(true);
> It would be nice if the verifyTrust method in Crypto provided the functionality of checking the CRLs, or if a new method (validateTrustWithCRLs(...) ?) were created.

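
The approach the issue description proposes (CertPathValidator with revocation enabled), as an added example that is not WSS4J's code and not taken from the issue or the linked blog entry. It goes one step beyond the two quoted lines by supplying CRLs from a local file and by separating "revoked" from "no CRL available". The class name CrlTrustCheck and the four command-line file arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public class CrlTrustCheck {
    // Assumed usage: java CrlTrustCheck <truststore.jks> <storepass> <chain.pem> <crls.pem>
    // chain.pem holds the leaf first, then intermediates, without the trust anchor.
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        List<Certificate> chain;
        try (InputStream in = new FileInputStream(args[2])) {
            chain = new ArrayList<>(cf.generateCertificates(in));
        }
        Collection<? extends CRL> crls;
        try (InputStream in = new FileInputStream(args[3])) {
            crls = cf.generateCRLs(in);
        }

        // Trust anchors are the trusted certificate entries of the key store.
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(true);
        // CRLs come from a local CertStore, so validation needs no network fetch.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(crls)));
        try {
            CertPathValidator.getInstance("PKIX")
                    .validate(cf.generateCertPath(chain), params);
            System.out.println("TRUSTED: chain valid, no certificate revoked");
        } catch (CertPathValidatorException e) {
            CertPathValidatorException.Reason r = e.getReason();
            if (r == CertPathValidatorException.BasicReason.REVOKED) {
                System.out.println("REJECTED: certificate #" + e.getIndex() + " is revoked");
            } else if (r == CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS) {
                // No usable CRL covered this certificate: fail closed.
                System.out.println("REJECTED: no CRL for certificate #" + e.getIndex());
            } else {
                System.out.println("REJECTED: " + e.getMessage());
            }
        }
    }
}
```

With revocation enabled, a certificate whose issuer has no current CRL in the store is rejected rather than accepted, so every CA in the chain needs a CRL in crls.pem.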