Re: crlFile update

[Christopher Schultz]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dan,

On 11/12/13, 10:10 AM, Daniel Mikusa wrote:
> On Nov 12, 2013, at 5:56 AM, Ja kub <jjaku...@gmail.com> wrote:
> 
>> Hello,
>> 
>> Is there any way to revoke certificate without restarting tomcat
>> ?
>> 
>> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html  : 
>> crlFile The certificate revocation list to be used to verify
>> client certificates.
>> 
>> is this file reloaded by tomcat, or it is read only once at
>> startup ?
> 
> I think this was answered recently on the list.  Check out this
> thread.
> 
> http://marc.info/?l=tomcat-user&m=137345634818076&w=2

Short answer: no, CRLs basically can't be updated (right now).

I'll have to check, but I think re-reading the CRL at runtime isn't a
huge problem for the JSSE connector. Can you log a bugzilla
enhancement request?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgnlhAAoJEBzwKT+lPKRYqZsQAI70270KC9lk9/oT+d7UCNYv
G0zVLSdh9lIYYoyiPWYF1fCGZYd7J6I2zcsTxw/W4EZY4VJX3Y1QsJmwviTuYYVO
jyDHS2Ph8fUhdsR2rUlT3VmUVWmjo5jrSRfa/S7LepnolEB00ewmLkGFi20bIRlP
dJQU+qE0p/0mX+dgAKsLpnZCJlvO4FyWuCdWoBPQHZKh/Er1rahmmppv5lj1XHcG
EUjDthcmSimUcqDh9hn3eW+u3CS3DeHJqe4im0mvnybK4pwIdLTD4KKWWUexpoGQ
Gv57CL3OFWLWIckgXWWg3NMpDYr+ZiCpplklmtVmTLfx12y0yJKUxoC21rqPNk9R
IVCoH9tv95kCGIHFZ0l2u5q7/3QJ8fkciT5l9AXDwEhYpQZwEnfTx9n3rNcP/yIp
el4NY32g0gb8qF5ycKoReZkvwNKArEtCoL6x94jG4+4wh6DHHFA92KBcsZhs66RT
JfVtueOMKFHQQIyhiiRuZVdphiMRAk0AFAqYebMwot034nQW3CHsWsz984jlJJyH
Ck/jhyigd7SDVEXl+HHcx157v6lxtVrkaTxoeYQJhPK4XwHy1hNkHtFJ2fH0hj9j
PMXYMr2t+mk9a23bO/dDABODD9Iyxlj/Lww+etvLzLu0wPWyAsuMpuKjsyBHeNBB
Kqy6WJpLxUksYMBnLgeA
=Xb71
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org