[
https://issues.apache.org/jira/browse/WSS-338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed WSS-338.
-----------------------------------
> should set com....security.enableCRLDP when enableRevocation is true
> --------------------------------------------------------------------
>
> Key: WSS-338
> URL: https://issues.apache.org/jira/browse/WSS-338
> Project: WSS4J
> Issue Type: Improvement
> Affects Versions: 1.6.4
> Reporter: Freeman Fang
> Assignee: Colm O hEigeartaigh
> Attachments: WSS-338.patch
>
>
> When we use CRL to do revocation certificate check, generally the
> certificates can carry CRLDistributionPoints extension(which is http or ldap
> url), but currently we can't use this CRLDistributionPoints in certificates
> out of the box. It would be better that we can use CRLDistributionPoints out
> of box. Simply set com.sun|ibm.security.enableCRLDP property as true when
> enableRevocation ensure that we get chance to use the CRLDistributionPoints
> in certificates and no necessary to specify
> org.apache.ws.security.crypto.merlin.x509crl.file explicitly and whatnot for
> Crypto instance.
> Set this property won't affect current logic, e.g., if there is no
> CRLDistributionPoints in certificates then it still can use the crl file
> specified by org.apache.ws.security.crypto.merlin.x509crl.file
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
