You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2022/10/11 01:39:00 UTC

[jira] [Created] (JAMES-3833) SSL client auth: verify Certificates Revocation Lists

Benoit Tellier created JAMES-3833:
-------------------------------------

             Summary: SSL client auth: verify Certificates Revocation Lists
                 Key: JAMES-3833
                 URL: https://issues.apache.org/jira/browse/JAMES-3833
             Project: James Server
          Issue Type: New Feature
          Components: protocols
            Reporter: Benoit Tellier
             Fix For: 3.8.0


See https://www.thesslstore.com/blog/crl-explained-what-is-a-certificate-revocation-list/ for context.

Allow a user to enable OCSP checks for client certificates against CRLs:

{code:java}
<tls socketTLS="false" startTLS="true">
  <keystore>file://conf/keystore</keystore>
  <keystoreType>JKS</keystoreType>
  <secret>yoursecret</secret>

  <clientAuth>
    <truststore>file://conf/truststore</truststore>
    <truststoreType>JKS</truststoreType>
    <truststoreSecret>yoursecret</truststoreSecret>
    <enableOCSPCRLChecks>true</enableOCSPCRLChecks>
  </clientAuth>
</tls>
{code}

This might be necessary IE for medical field users of the James server.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org