'[jira] [Closed] (WSS-338) should set com....security.enableCRLDP when enableRevocation is true'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wss4j-dev
Subject:    [jira] [Closed] (WSS-338) should set com....security.enableCRLDP when enableRevocation is true
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2014-10-07 8:05:35
Message-ID: JIRA.12542495.1329209938000.206395.1412669135762 () Atlassian ! JIRA
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/WSS-338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Colm O hEigeartaigh closed WSS-338.
-----------------------------------

> should set com....security.enableCRLDP when enableRevocation is true
> --------------------------------------------------------------------
> 
> Key: WSS-338
> URL: https://issues.apache.org/jira/browse/WSS-338
> Project: WSS4J
> Issue Type: Improvement
> Affects Versions: 1.6.4
> Reporter: Freeman Fang
> Assignee: Colm O hEigeartaigh
> Attachments: WSS-338.patch
> 
> 
> When we use CRL to do revocation certificate check, generally the certificates can \
> carry CRLDistributionPoints extension(which is http or ldap url), but currently we \
> can't use this CRLDistributionPoints in certificates out of the box. It would be \
> better that we can use CRLDistributionPoints out of box. Simply set \
> com.sun|ibm.security.enableCRLDP property as true when enableRevocation ensure that \
> we get chance to use the CRLDistributionPoints in certificates and no necessary to \
> specify org.apache.ws.security.crypto.merlin.x509crl.file explicitly and whatnot \
> for Crypto instance. Set this property won't affect current logic, e.g., if there \
> is no CRLDistributionPoints in certificates then it still can use the crl file \
> specified by  org.apache.ws.security.crypto.merlin.x509crl.file



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic