ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (WSS-338) should set com....security.enableCRLDP when enableRevocation is true
Date Tue, 07 Oct 2014 08:05:35 GMT

     [ https://issues.apache.org/jira/browse/WSS-338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh closed WSS-338.
-----------------------------------

> should set com....security.enableCRLDP when enableRevocation is true
> --------------------------------------------------------------------
>
>                 Key: WSS-338
>                 URL: https://issues.apache.org/jira/browse/WSS-338
>             Project: WSS4J
>          Issue Type: Improvement
>    Affects Versions: 1.6.4
>            Reporter: Freeman Fang
>            Assignee: Colm O hEigeartaigh
>         Attachments: WSS-338.patch
>
>
> When we use CRL to do revocation certificate check, generally the certificates can carry
CRLDistributionPoints extension(which is http or ldap url), but currently we can't use this
CRLDistributionPoints in certificates out of the box. It would be better that we can use CRLDistributionPoints
out of box. Simply set com.sun|ibm.security.enableCRLDP property as true when enableRevocation
ensure that we get chance to use the CRLDistributionPoints in certificates and no necessary
to specify org.apache.ws.security.crypto.merlin.x509crl.file explicitly and whatnot for Crypto
instance.
> Set this property won't affect current logic, e.g., if there is no CRLDistributionPoints
in certificates then it still can use the crl file specified by  org.apache.ws.security.crypto.merlin.x509crl.file



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message