[
https://issues.apache.org/jira/browse/WSS-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209960#comment-13209960
]
Freeman Fang commented on WSS-339:
----------------------------------
Hi Dan,
Thanks for the input.
I was thinking wrongly before. I just verified ocsp.enable=true won't affect
the certificates which has no ocsp infos, it can still use CRLs as fallback(the
JDK doc also confirmed it), and enableCRLDP won't affect the certificates
which has no CRLDP infos, it still can use local CRLs as fallback. So I'm ok
with the global properties settings for now.
Best Regards
Freeman
> OCSP support
> ------------
>
> Key: WSS-339
> URL: https://issues.apache.org/jira/browse/WSS-339
> Project: WSS4J
> Issue Type: Improvement
> Reporter: Freeman Fang
> Assignee: Colm O hEigeartaigh
> Attachments: WSS-339.patch
>
>
> currently WSS4J already support CRL for revocation check, it would be better
> that we can also support OCSP through WSS4J configuration.
> Though we can set ocsp.enable property in
> $JAVA_HOME/jre/lib/security/java.security to enable OCSP but it's effect JVM
> wide, I'd like to introduce a property in WSHandlerConstants like enableOCSP
> which can trigger code like
> Security.setProperty("ocsp.enable", enableOCSP);
> This should be similar with the property enableRevocation, the logic is
> if (enableRevocation && enableOCSP) {
> //use OCSP to do revocation check.
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
