ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Freeman Fang (Created) (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WSS-338) should set com....security.enableCRLDP when enableRevocation is true
Date Tue, 14 Feb 2012 08:59:59 GMT
should set com....security.enableCRLDP when enableRevocation is true
--------------------------------------------------------------------

                 Key: WSS-338
                 URL: https://issues.apache.org/jira/browse/WSS-338
             Project: WSS4J
          Issue Type: Improvement
    Affects Versions: 1.6.4
            Reporter: Freeman Fang
            Assignee: Colm O hEigeartaigh
             Fix For: 1.6.5


When we use CRL to do revocation certificate check, generally the certificates can carry CRLDistributionPoints
extension(which is http or ldap url), but currently we can't use this CRLDistributionPoints
in certificates out of the box. It would be better that we can use CRLDistributionPoints out
of box. Simply set com.sun|ibm.security.enableCRLDP property as true when enableRevocation
ensure that we get chance to use the CRLDistributionPoints in certificates and no necessary
to specify org.apache.ws.security.crypto.merlin.x509crl.file explicitly and whatnot for Crypto
instance.

Set this property won't affect current logic, e.g., if there is no CRLDistributionPoints in
certificates then it still can use the crl file specified by  org.apache.ws.security.crypto.merlin.x509crl.file

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message