should set com....security.enableCRLDP when enableRevocation is true
--------------------------------------------------------------------
Key: WSS-338
URL: https://issues.apache.org/jira/browse/WSS-338
Project: WSS4J
Issue Type: Improvement
Affects Versions: 1.6.4
Reporter: Freeman Fang
Assignee: Colm O hEigeartaigh
Fix For: 1.6.5
When we use CRL to do revocation certificate check, generally the certificates
can carry CRLDistributionPoints extension(which is http or ldap url), but
currently we can't use this CRLDistributionPoints in certificates out of the
box. It would be better that we can use CRLDistributionPoints out of box.
Simply set com.sun|ibm.security.enableCRLDP property as true when
enableRevocation ensure that we get chance to use the CRLDistributionPoints in
certificates and no necessary to specify
org.apache.ws.security.crypto.merlin.x509crl.file explicitly and whatnot for
Crypto instance.
Set this property won't affect current logic, e.g., if there is no
CRLDistributionPoints in certificates then it still can use the crl file
specified by org.apache.ws.security.crypto.merlin.x509crl.file
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
