You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Marcin Markiewicz (JIRA)" <ji...@apache.org> on 2011/04/15 19:23:06 UTC
[jira] [Created] (WSS-278) verifyTrust in Crypto should use CRLs as
well
verifyTrust in Crypto should use CRLs as well
---------------------------------------------
Key: WSS-278
URL: https://issues.apache.org/jira/browse/WSS-278
Project: WSS4J
Issue Type: Improvement
Components: WSS4J Core
Affects Versions: 1.6, 1.6.1
Environment: all
Reporter: Marcin Markiewicz
Assignee: Colm O hEigeartaigh
The trust chain is validated without checking the CRLs. It is done this way, because Merlin does not check the CRLs as well. But it could be done by using CertPathValidator with proper parameters:
java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(...);
params.setRevocationEnabled(true);
It would be nice, if th verifyTrust-Method in Crypto would provide the functionality of checking the CRLs. Or a new method (validateTrustWithCRLs(...) ?) would be created.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-278) verifyTrust in Crypto should use CRLs as
well
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated WSS-278:
------------------------------------
Affects Version/s: (was: 1.6.1)
Fix Version/s: 1.6.1
> verifyTrust in Crypto should use CRLs as well
> ---------------------------------------------
>
> Key: WSS-278
> URL: https://issues.apache.org/jira/browse/WSS-278
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6
> Environment: all
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.1
>
>
> The trust chain is validated without checking the CRLs. It is done this way, because Merlin does not check the CRLs as well. But it could be done by using CertPathValidator with proper parameters:
> java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(...);
> params.setRevocationEnabled(true);
> It would be nice, if th verifyTrust-Method in Crypto would provide the functionality of checking the CRLs. Or a new method (validateTrustWithCRLs(...) ?) would be created.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Resolved] (WSS-278) verifyTrust in Crypto should use CRLs
as well
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-278.
-------------------------------------
Resolution: Fixed
Fixed. Please see this blog entry for more details:
http://coheigea.blogspot.com/2011/05/crl-support-in-wss4j-161.html
Colm.
> verifyTrust in Crypto should use CRLs as well
> ---------------------------------------------
>
> Key: WSS-278
> URL: https://issues.apache.org/jira/browse/WSS-278
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6
> Environment: all
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.1
>
>
> The trust chain is validated without checking the CRLs. It is done this way, because Merlin does not check the CRLs as well. But it could be done by using CertPathValidator with proper parameters:
> java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(...);
> params.setRevocationEnabled(true);
> It would be nice, if th verifyTrust-Method in Crypto would provide the functionality of checking the CRLs. Or a new method (validateTrustWithCRLs(...) ?) would be created.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Closed] (WSS-278) verifyTrust in Crypto should use CRLs as
well
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-278.
-----------------------------------
> verifyTrust in Crypto should use CRLs as well
> ---------------------------------------------
>
> Key: WSS-278
> URL: https://issues.apache.org/jira/browse/WSS-278
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6
> Environment: all
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.1
>
>
> The trust chain is validated without checking the CRLs. It is done this way, because Merlin does not check the CRLs as well. But it could be done by using CertPathValidator with proper parameters:
> java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(...);
> params.setRevocationEnabled(true);
> It would be nice, if th verifyTrust-Method in Crypto would provide the functionality of checking the CRLs. Or a new method (validateTrustWithCRLs(...) ?) would be created.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org