Re: CRL support

2007-12-03 Thread Bc. Jiří Mikulášek
Thanks a lot, I will check it out.

On Thursday 29 of November 2007 15:24:57 Fred Dushin wrote:
 See the http-conf:trustDecider in

 https://svn.apache.org/repos/asf/incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-conf.xsd

 You'll need to implement your own
 org.apache.cxf.transport.http.MessageTrustDecider, but this will get
 called when a connection is established.  Unfortunately, because of
 the design of the Sun JSSE, this is not a hook into the handshake,
 but your trust decider should be called before any application data
 is sent down the pipe.  That's the idea, at any rate.

 -Fred




-- 
Jiri Mikulasek
-
Developer

AURA, s.r.o.
Uvoz 499/56; 602 00 Brno
ISO 9001 certified company
AQAP 2110 (ČOS 051622)
tel./fax: +420 544 508 115
e-mail: [EMAIL PROTECTED]
http://www.aura.cz
-


Re: CRL support

2007-11-29 Thread Fred Dushin

See the http-conf:trustDecider in

https://svn.apache.org/repos/asf/incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-conf.xsd

You'll need to implement your own
org.apache.cxf.transport.http.MessageTrustDecider, but this will get
called when a connection is established.  Unfortunately, because of
the design of the Sun JSSE, this is not a hook into the handshake,
but your trust decider should be called before any application data
is sent down the pipe.  That's the idea, at any rate.


-Fred

On Nov 28, 2007, at 4:26 PM, Bc. Jiří Mikulášek wrote:

Thanks. Because I really need CRL support, is there any way to handle
it on my own, maybe using some interceptor which will handle it before
each connection? If there is such a possibility, can somebody please
give me a few basic hints on where to start, what to take care of, and
so on?








Re: CRL support

2007-11-28 Thread Fred Dushin

CXF does not have support for CRLs.

On Nov 28, 2007, at 6:18 AM, Bc. Jiří Mikulášek wrote:


Hi all,
can somebody give me a hint on how to configure or program CRL
(certificate revocation list) checking before each SSL handshake?

In detail:
I have this configuration on the client:

    <http-conf:conduit name="{http:///}portName.http-conduit">
      <http-conf:client AllowChunking="false" />
      <http-conf:tlsClientParameters secureSocketProtocol="SSL">
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="password" url="someurl"/>
        </sec:trustManagers>
        <sec:keyManagers keyPassword="password">
          <sec:keyStore type="JKS" password="password" url="someurl"/>
        </sec:keyManagers>
      </http-conf:tlsClientParameters>
    </http-conf:conduit>

which causes SSL communication, but before each connection I would
like to check all certificates in the keystores for revocation
according to some CRL on the filesystem.


thanks for any advice
--
Jiri Mikulasek
-
Developer

AURA, s.r.o.
Uvoz 499/56; 602 00 Brno
ISO 9001 certified company
AQAP 2110 (ČOS 051622)
tel./fax: +420 544 508 115
e-mail:  [EMAIL PROTECTED]
http://www.aura.cz
-
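
The MessageTrustDecider approach suggested in the 2007-11-29 reply, sketched as an added example (not code from the thread or from the CXF project). The class name CrlTrustDecider and its crlPath and crlIssuer parameters are hypothetical, a single CRL file is assumed, and the HttpsURLConnectionInfo import uses the package from current CXF releases.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.apache.cxf.message.Message;
import org.apache.cxf.transport.http.MessageTrustDecider;
import org.apache.cxf.transport.http.URLConnectionInfo;
import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
import org.apache.cxf.transport.https.HttpsURLConnectionInfo; // assumed package (current CXF)

// Added example: called after the TLS handshake, before application data is sent.
public class CrlTrustDecider extends MessageTrustDecider {
    private final String crlPath;            // hypothetical CRL file on the filesystem
    private final X509Certificate crlIssuer; // CA certificate that must have signed the CRL

    public CrlTrustDecider(String crlPath, X509Certificate crlIssuer) {
        this.crlPath = crlPath;
        this.crlIssuer = crlIssuer;
    }

    @Override
    public void establishTrust(String conduitName, URLConnectionInfo info, Message message)
            throws UntrustedURLConnectionIOException {
        Certificate[] chain = info instanceof HttpsURLConnectionInfo
                ? ((HttpsURLConnectionInfo) info).getServerCertificates() : null;
        if (chain == null || chain.length == 0) {
            throw new UntrustedURLConnectionIOException(conduitName + ": no TLS peer certificate");
        }
        X509CRL crl;
        try (InputStream in = new FileInputStream(crlPath)) { // re-read so file updates apply
            crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
            crl.verify(crlIssuer.getPublicKey()); // reject a forged or swapped CRL file
            if (crl.getNextUpdate() != null && crl.getNextUpdate().before(new Date())) {
                throw new IllegalStateException("CRL is past its nextUpdate");
            }
        } catch (Exception e) { // fail closed: no usable CRL means no trust
            throw new UntrustedURLConnectionIOException(conduitName + ": CRL unusable: " + e);
        }
        for (Certificate c : chain) {
            // A CRL only speaks for certificates issued by the CA that signed it.
            if (c instanceof X509Certificate && ((X509Certificate) c).getIssuerX500Principal()
                    .equals(crl.getIssuerX500Principal()) && crl.isRevoked(c)) {
                throw new UntrustedURLConnectionIOException(conduitName + ": revoked certificate");
            }
        }
    }
}
```

The decider can be attached through the http-conf:trustDecider element mentioned in the thread or programmatically with HTTPConduit.setTrustDecider(...). It checks only the server's chain as presented on the connection; certificates sitting in the client's own keystores would need a separate pass.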