ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Freeman Fang (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-339) OCSP support
Date Fri, 17 Feb 2012 01:19:59 GMT

    [ https://issues.apache.org/jira/browse/WSS-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209960#comment-13209960
] 

Freeman Fang commented on WSS-339:
----------------------------------

Hi Dan,

Thanks for the input.
I was thinking wrongly before. I just verified ocsp.enable=true won't affect the certificates
which has no ocsp infos, it can still use CRLs as fallback(the JDK doc also confirmed it),
 and enableCRLDP won't affect the certificates which has no CRLDP infos, it still can use
local CRLs as fallback. So I'm ok with the global properties settings for now.

Best Regards
Freeman


                
> OCSP support
> ------------
>
>                 Key: WSS-339
>                 URL: https://issues.apache.org/jira/browse/WSS-339
>             Project: WSS4J
>          Issue Type: Improvement
>            Reporter: Freeman Fang
>            Assignee: Colm O hEigeartaigh
>         Attachments: WSS-339.patch
>
>
> currently WSS4J already support CRL for revocation check, it would be better that we
can also support OCSP through WSS4J configuration.
> Though we can set ocsp.enable property in $JAVA_HOME/jre/lib/security/java.security to
enable OCSP but it's effect JVM wide, I'd like to introduce a property in WSHandlerConstants
like enableOCSP which can trigger code like
> Security.setProperty("ocsp.enable", enableOCSP);
> This should be similar with the property enableRevocation,  the logic is
> if (enableRevocation && enableOCSP) {
>     //use OCSP to do revocation check.
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message