Hi everyone, I'm trying to configure a Dropwizard app to apply a certificate revocation list (CRL) from a file when validating peer certificates for both inbound (the app uses TLS client auth) and outbound connections.

For incoming connections (where the app is a server), this is pretty easy: in the HTTPS connector configuration (http://www.dropwizard.io/1.2.2/docs/manual/configuration.html#https), set crlPath to where the CRL is kept on the local filesystem and set validatePeers to true. If a client tries to connect with a revoked client cert, the connection is rejected, which is what we want.

For outgoing connections (where the app is a client) using a JerseyClient, there don't seem to be any corresponding configuration options. In particular, the TLS config for a client (http://www.dropwizard.io/1.2.2/docs/manual/configuration.html#tls) doesn't have any options for specifying a CRL, nor do any of the other client-related config objects seem to have anything similar.

Is there a way to get outbound JerseyClient connections to use a CRL, like there is for inbound ones?

Thanks!
