I believe the Sun PKI provider supports CRL checking, but according to http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html it is not enabled by default:
"If the init(KeyStore ks) method is used, default PKIXParameters are used with the exception that revocation checking is disabled. It can be enabled by setting the system property com.sun.net.ssl.checkRevocation to true. Note that this setting requires that the CertPath implementation can locate revocation information by itself. The PKIX implementation in the SUN provider can do this in many cases but requires that the system property com.sun.security.enableCRLDP be set to true."

I recommend you try that approach before rolling your own CRL checking.

M
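
The two ways of turning on revocation checking in JSSE, as an added example that is not part of the original message: the system properties quoted above, and, going one step beyond the quote, explicit PKIXParameters passed through init(ManagerFactoryParameters). The class and method names and the use of the JRE's default cacerts file as the trust store are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class RevocationCheckingExample {  // hypothetical class name

    // Route 1: init(KeyStore) plus the system properties from the quoted guide.
    // Set them before any TLS classes are used; passing them as -D flags on the
    // JVM command line is the dependable way, since they may be read only once.
    static SSLContext viaSystemProperties(KeyStore trustStore) throws Exception {
        System.setProperty("com.sun.net.ssl.checkRevocation", "true");
        System.setProperty("com.sun.security.enableCRLDP", "true");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(trustStore);  // default PKIXParameters; revocation follows the property
        return contextFor(tmf);
    }

    // Route 2: build the PKIXParameters yourself and enable revocation on them.
    // enableCRLDP is still needed so the SUN provider fetches CRLs from the
    // certificate's CRL Distribution Points extension.
    static SSLContext viaExplicitParameters(KeyStore trustStore) throws Exception {
        System.setProperty("com.sun.security.enableCRLDP", "true");
        PKIXBuilderParameters params =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
        params.setRevocationEnabled(true);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        return contextFor(tmf);
    }

    private static SSLContext contextFor(TrustManagerFactory tmf) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: trust anchors come from the JRE's default cacerts file.
        String path = System.getProperty("java.home") + "/lib/security/cacerts";
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            trustStore.load(in, null);  // null password: load without integrity check
        }
        System.out.println(viaSystemProperties(trustStore).getProtocol());
        System.out.println(viaExplicitParameters(trustStore).getProtocol());
    }
}
```

With either route, a handshake fails when a CRL cannot be located or retrieved for a certificate in the chain, so connect to a known-good server first to confirm the CRL endpoints are reachable from the host.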
