The server accepts the connection of the client with the revoked
certificate, I think it should reject the connection.
I add an example of that in the commit.

2017-12-11 14:05 GMT+00:00 Justin Bertram <jbert...@apache.org>:

> I took a quick look over the code and it looks good to me.  What
> specifically isn't working?
>
>
> Justin
>
> On Mon, Dec 11, 2017 at 3:06 AM, Raul Valdoleiros <
> raul.valdoleiros.olive...@gmail.com> wrote:
>
> > Hi Justin,
> >
> > What I did is available in the commit:
> > https://github.com/Skiler/activemq-artemis/commit/2e67595c30856666eb62122906b22a3398f9de47
> > Definitely I did something wrong, perhaps some basic mistake. I
> >
> > Thanks in advance,
> > Raul
> >
> > 2017-12-08 20:51 GMT+00:00 Justin Bertram <jbert...@apache.org>:
> >
> > > FYI - I opened ARTEMIS-1548 [1] for this.
> > >
> > >
> > > Justin
> > >
> > > [1] https://issues.apache.org/jira/browse/ARTEMIS-1548
> > >
> > > On Thu, Dec 7, 2017 at 6:54 PM, Justin Bertram <jbert...@apache.org>
> > > wrote:
> > >
> > > > > I copied the code and the certificates from ActiveMQ.
> > > >
> > > > What code and certs did you copy and where did you copy it to?
> > > >
> > > > > My guess is Artemis is delegating the SSL infrastructure in Netty
> > > > > and Netty isn't supporting CRL by default. Not sure about it.
> > > >
> > > > The SSL handshake is done by Netty in Artemis.  However, the
> > > > SSLContext used (which includes the trust manager) is created by
> > > > Artemis itself in the class I specified in my previous email.
> > > >
> > > > > I need OCSP too, I thought I could add copy both features to
> > > > > Artemis. No luck until now.
> > > >
> > > > I don't think it will be too hard to implement both in Artemis.  I'll
> > > > give it a closer look when I get the chance.
> > > >
> > > >
> > > > Justin
> > > >
> > > > On Thu, Dec 7, 2017 at 4:23 PM, Raul Valdoleiros <
> > > > raul.valdoleiros.olive...@gmail.com> wrote:
> > > >
> > > >> Hi Justin,
> > > >>
> > > >> I already tried it (I tried before sending the e-mail), and it
> > > >> didn't work. I copied the code and the certificates from ActiveMQ.
> > > >> My guess is Artemis is delegating the SSL infrastructure in Netty
> > > >> and Netty isn't supporting CRL by default. Not sure about it. I'm
> > > >> assuming ActiveMQ doesn't use Netty.
> > > >> I need OCSP too, I thought I could add copy both features to
> > > >> Artemis. No luck until now.
> > > >>
> > > >> Thanks in advance,
> > > >> Raul
> > > >>
> > > >>
> > > >> On 07/12/2017 5:36 p.m., "Justin Bertram" <jbert...@redhat.com>
> > > >> wrote:
> > > >>
> > > >> Artemis doesn't support CRL.  However, you should be able to adapt
> > > >> what's done in 5.x in org.apache.activemq.spring.SpringSslContext
> > > >> to work in Artemis in
> > > >> org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.
> > > >> Let me know if you're moving forward with this work otherwise I'll
> > > >> take a closer look.
> > > >>
> > > >>
> > > >> Justin
> > > >>
> > > >> On Thu, Dec 7, 2017 at 2:27 AM, Raul Valdoleiros <
> > > >> raul.valdoleiros.olive...@gmail.com> wrote:
> > > >>
> > > >> > Hi,
> > > >> >
> > > >> > Does Artemis support certificate revocation lists? If not, I'm
> > > >> > available to try to implement it if you give some insights about it.
> > > >> >
> > > >> > Thanks in advance,
> > > >> > Raul
> > > >> >
> > > >>
> > > >
> > > >
> > >
> >
>
