I have done some more analysis of the problem and the exception started to be thrown in version 7.0.11. Something changed between 7.0.10 and 7.0.11 that affected handling of CRL for SunX509 algorithm. In version 7.0.10, although the code in JSSESocketFactory.java to throw the exception is the same as the 7.0.11 version, the exception is not thrown. I imagine that in 7.0.10, the application never calls JSSESocketFactory's getParameter or that somehow the algo that is passed to this method is replaced with PKIX.
Would someone know what changed between version 7.0.10 and version 7.0.11? Martin On Thu, Jun 16, 2011 at 8:59 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Martin Dubuc [mailto:martind1...@gmail.com] > > Subject: crlFile and SunX509 algorithm in Tomcat 7.0.16 > > > Up to Tomcat 7.0.10, I used the crlFile configuration along > > with the SunX509 algorithm in SSL HTTP connector configuration > > > java.io.IOException: CRLs not supported for type: SunX509 > > > I am using JDK 6 update 26. > > Haven't looked at the JRE code yet, but I wonder if the new owners in their > zeal might have changed the internal class to OracleX509? (Just > speculation, and hopefully not correct.) > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
