Thanks a lot I will check it out On Thursday 29 of November 2007 15:24:57 Fred Dushin wrote: > See the http-conf:trustDecider in > > https://svn.apache.org/repos/asf/incubator/cxf/trunk/rt/transports/ > http/src/main/resources/schemas/configuration/http-conf.xsd > > You'll need to implement your own > org.apache.cxf.transport.http.MessageTrustDecider, but this will get > called when a connection is established. Unfortunately, because of > the design of the Sun JSSE, this is not a hook into the handshake, > but your trust decider should be called before any application data > is sent down the pipe. That's the idea, at any rate. > > -Fred > > On Nov 28, 2007, at 4:26 PM, Bc. Jiří Mikulášek wrote: > > thanks, because I really need CRL support is there any way how to > > handle it on > > my own - maybe use some interceptor, which will handle it before each > > connection? If there is such possibility, please can somebody give > > me few > > basic hints, where to start what to care and so...? > > > > Dne středa 28 listopad 2007 21:32 Fred Dushin napsal(a): > >> CXF does not have support for CRLs. > >> > >> On Nov 28, 2007, at 6:18 AM, Bc. Jiří Mikulášek wrote: > >>> Hi all, > >>> can somebody give me a hint how to configure or program CRL > >>> (certificate > >>> revocation list) checking before each SSL handshake. > >>> > >>> In detail: > >>> I have this configuration on client: > >>> <http-conf:conduit > >>> name="{http://..../}portName.http-conduit";> > >>> > >>> <http-conf:client AllowChunking="false" /> > >>> <http-conf:tlsClientParameters secureSocketProtocol="SSL"> > >>> <sec:trustManagers> > >>> <sec:keyStore type="JKS" password="password" > >>> url="someurl"/> > >>> </sec:trustManagers> > >>> <sec:keyManagers keyPassword="password"> > >>> <sec:keyStore type="JKS" password="password" > >>> url="someurl"/> > >>> > >>> </sec:keyManagers> > >>> </http-conf:tlsClientParameters> > >>> > >>> which causes ssl communication, but before each connection I would > >>> like to > >>> check all certificates i keystores for revocation according some > >>> CRL on > >>> filesystem > >>> > >>> > >>> thanks for any advice > >>> -- > >>> Jiri Mikulasek > >>> --------------------------------- > >>> Developer > >>> > >>> AURA, s.r.o. > >>> Uvoz 499/56; 602 00 Brno > >>> ISO 9001 certified company > >>> AQAP 2110 (ČOS 051622) > >>> tel./fax: +420 544 508 115 > >>> e-mail: [EMAIL PROTECTED] > >>> http://www.aura.cz > >>> ---------------------------------
-- Jiri Mikulasek --------------------------------- Developer AURA, s.r.o. Uvoz 499/56; 602 00 Brno ISO 9001 certified company AQAP 2110 (ČOS 051622) tel./fax: +420 544 508 115 e-mail: [EMAIL PROTECTED] http://www.aura.cz ---------------------------------
