[prev in list] [next in list] [prev in thread] [next in thread] 

List:       woden-dev
Subject:    [jira] [Resolved] (WSS-278) verifyTrust in Crypto should use CRLs
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2011-05-30 14:13:47
Message-ID: 704111895.53446.1306764827529.JavaMail.tomcat () hel ! zones ! apache ! org
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/WSS-278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Colm O hEigeartaigh resolved WSS-278.
-------------------------------------

    Resolution: Fixed


Fixed. Please see this blog entry for more details:

http://coheigea.blogspot.com/2011/05/crl-support-in-wss4j-161.html

Colm.

> verifyTrust in Crypto should use CRLs as well
> ---------------------------------------------
> 
> Key: WSS-278
> URL: https://issues.apache.org/jira/browse/WSS-278
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6
> Environment: all
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.1
> 
> 
> The trust chain is validated without checking the CRLs. It is done this way, \
> because Merlin does not check the CRLs as well. But it could be done by using \
> CertPathValidator with proper parameters: java.security.cert.PKIXParameters params \
> = new java.security.cert.PKIXParameters(...); params.setRevocationEnabled(true);
> It would be nice, if th verifyTrust-Method in Crypto would provide the \
> functionality of checking the CRLs. Or a new method (validateTrustWithCRLs(...) ?) \
> would be created.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]