verifyTrust in Crypto should use CRLs as well
---------------------------------------------
Key: WSS-278
URL: https://issues.apache.org/jira/browse/WSS-278
Project: WSS4J
Issue Type: Improvement
Components: WSS4J Core
Affects Versions: 1.6, 1.6.1
Environment: all
Reporter: Marcin Markiewicz
Assignee: Colm O hEigeartaigh
The trust chain is validated without checking the CRLs. It is done this way,
because Merlin does not check the CRLs as well. But it could be done by using
CertPathValidator with proper parameters:
java.security.cert.PKIXParameters params = new
java.security.cert.PKIXParameters(...);
params.setRevocationEnabled(true);
It would be nice, if th verifyTrust-Method in Crypto would provide the
functionality of checking the CRLs. Or a new method (validateTrustWithCRLs(...)
?) would be created.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For additional commands, e-mail: dev-h...@ws.apache.org
