You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Freeman Fang (Updated) (JIRA)" <ji...@apache.org> on 2012/02/14 10:02:01 UTC
[jira] [Updated] (WSS-338) should set com....security.enableCRLDP
when enableRevocation is true
[ https://issues.apache.org/jira/browse/WSS-338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Freeman Fang updated WSS-338:
-----------------------------
Attachment: WSS-338.patch
> should set com....security.enableCRLDP when enableRevocation is true
> --------------------------------------------------------------------
>
> Key: WSS-338
> URL: https://issues.apache.org/jira/browse/WSS-338
> Project: WSS4J
> Issue Type: Improvement
> Affects Versions: 1.6.4
> Reporter: Freeman Fang
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.5
>
> Attachments: WSS-338.patch
>
>
> When we use CRL to do revocation certificate check, generally the certificates can carry CRLDistributionPoints extension(which is http or ldap url), but currently we can't use this CRLDistributionPoints in certificates out of the box. It would be better that we can use CRLDistributionPoints out of box. Simply set com.sun|ibm.security.enableCRLDP property as true when enableRevocation ensure that we get chance to use the CRLDistributionPoints in certificates and no necessary to specify org.apache.ws.security.crypto.merlin.x509crl.file explicitly and whatnot for Crypto instance.
> Set this property won't affect current logic, e.g., if there is no CRLDistributionPoints in certificates then it still can use the crl file specified by org.apache.ws.security.crypto.merlin.x509crl.file
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org