[
https://issues.apache.org/jira/browse/WSS-338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Freeman Fang resolved WSS-338.
------------------------------
Resolution: Not A Problem
Per the discussion in WSS-339, this isn't a problem
> should set com....security.enableCRLDP when enableRevocation is true
> --------------------------------------------------------------------
>
> Key: WSS-338
> URL: https://issues.apache.org/jira/browse/WSS-338
> Project: WSS4J
> Issue Type: Improvement
> Affects Versions: 1.6.4
> Reporter: Freeman Fang
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.5
>
> Attachments: WSS-338.patch
>
>
> When we use CRL to do revocation certificate check, generally the
> certificates can carry CRLDistributionPoints extension(which is http or ldap
> url), but currently we can't use this CRLDistributionPoints in certificates
> out of the box. It would be better that we can use CRLDistributionPoints out
> of box. Simply set com.sun|ibm.security.enableCRLDP property as true when
> enableRevocation ensure that we get chance to use the CRLDistributionPoints
> in certificates and no necessary to specify
> org.apache.ws.security.crypto.merlin.x509crl.file explicitly and whatnot for
> Crypto instance.
> Set this property won't affect current logic, e.g., if there is no
> CRLDistributionPoints in certificates then it still can use the crl file
> specified by org.apache.ws.security.crypto.merlin.x509crl.file
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
