Hi Folks,

I recently developed a Certificate Validation feature with OCSP [1] and CRL [2] for Synapse, which was shipped with the latest WSO2 ESB 4.7.0 [3]. The feature can be plugged into both nhttp and passthru Transport Senders. I would like to suggest that this feature be added to Synapse 3.0 since it's a major release.

Currently at SSL handshake, Synapse only verifies the host name [4] of the peer certificate. The Certificate Validation feature validates the revocation status of the certificates before making an HTTPS connection. Please see the patches attached on Jira [5]. For more information, please read the README in the attachment.

[1] http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
[2] http://en.wikipedia.org/wiki/Certificate_revocation_list
[3] http://kasunpanorama.blogspot.com/2013/07/a-closer-look-at-wso2-esb-470.html
[4] http://synapse.apache.org/apidocs/org/apache/synapse/transport/nhttp/HostnameVerifier.html
[5] https://issues.apache.org/jira/browse/SYNAPSE-954

Thanks,
Jeewantha.
