[jira] [Commented] (WSS-338) should set com....security.enableCRLDP when enableRevocation is true

Wed, 15 Feb 2012 06:59:21 -0800 

    [ 
https://issues.apache.org/jira/browse/WSS-338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13208517#comment-13208517
 ] 

Colm O hEigeartaigh commented on WSS-338:
-----------------------------------------

Hi Freeman,

I'm -1 to this patch because of the system property requirement.

It's something that should be set at the application/container level if needed, 
and should be documented as such.

Colm.
                
> should set com....security.enableCRLDP when enableRevocation is true
> --------------------------------------------------------------------
>
>                 Key: WSS-338
>                 URL: https://issues.apache.org/jira/browse/WSS-338
>             Project: WSS4J
>          Issue Type: Improvement
>    Affects Versions: 1.6.4
>            Reporter: Freeman Fang
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.6.5
>
>         Attachments: WSS-338.patch
>
>
> When we use CRL to do revocation certificate check, generally the 
> certificates can carry CRLDistributionPoints extension(which is http or ldap 
> url), but currently we can't use this CRLDistributionPoints in certificates 
> out of the box. It would be better that we can use CRLDistributionPoints out 
> of box. Simply set com.sun|ibm.security.enableCRLDP property as true when 
> enableRevocation ensure that we get chance to use the CRLDistributionPoints 
> in certificates and no necessary to specify 
> org.apache.ws.security.crypto.merlin.x509crl.file explicitly and whatnot for 
> Crypto instance.
> Set this property won't affect current logic, e.g., if there is no 
> CRLDistributionPoints in certificates then it still can use the crl file 
> specified by  org.apache.ws.security.crypto.merlin.x509crl.file

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to