This is where the fun comes in... 1. Security provider differences (sun vs. ibm vs. ??). Various incompatible ssl algs.
2. CRL vs OCSP (CRLs are not generally preferred) 3. X509 attributes and extended attributes and browser incompatibilities On Mon, Oct 12, 2009 at 4:40 PM, Shaun Senecal <[email protected]>wrote: > I had to do the same thing and ultimately ended up using a package called > commons-ssl to do the hostname verification. I'm pretty sure it also > contains CRL checking as well. > > The JRE has all of these implementations already to handle HTTPS > connections, but for some reason Sun decided not to expose them. I asked > around and never got a good answer from anyone. > > http://juliusdavies.ca/commons-ssl/ > > > > Shaun > > On Fri, Oct 9, 2009 at 5:48 PM, <[email protected]> wrote: > > > Hi, > > > > I'm writing a TCP server communicating with device via MINA. > > MINA helped me writing server easily. I really appreciate it. > > > > I have a question for certificate in SSL communication. > > In my application, the secure communication is done using SslFilter. > > And the server and device need to authenticate each other. > > I think that some basic validations such as validity period check are > > being done by SslFilter automatically. > > But how about the certificate revocation using CRL? > > I couldn't find its internal process via log or any notes about that. > > > > I need to make sure which validations are checked internally and which > > validations I need to implement. > > Can anyone let me know whether I need to check certificate revocation > > manually? > > > > Thanks in advance! > > Neo Kim > > > > >
