This does seem like it would be useful functionality. Perhaps we can add path validation support, but make it configurable with a switch so that applications that need it can take advantage of it, but those that don't (or need custom processing) are unaffected.

David

On Mon, 14 Aug 2006 07:48:33 -0500
 <[EMAIL PROTECTED]> wrote:

> Wow, that is very surprising. Admittedly I am a security novice, but
> I assumed verifying the root CA would be basic included, if not
> required, functionality. Thanks for the heads up anyway.
>
>    -----Original Message-----
>    From: Werner Dittmann [mailto:[EMAIL PROTECTED]
>    Sent: Saturday, August 12, 2006 1:41 AM
>    To: Hansen, Rick (TLR Corp)
>    Cc: [email protected]
>    Subject: Re: How to verify root certificate?
>
>    Richard,
>    that's correct. WSS4J does not perform the certificate
>    verification. The WSS4J Axis handlers have some code that performs a
>    basic certificate path verification. This was done because certificate
>    path verification is sometimes not necessary for basic security
>    (encryption). WSS4J returns the certificate used for signature
>    verification to the calling application (WSSecurityEngine does this).
>
>    Regards,
>    Werner
>
>    [EMAIL PROTECTED] wrote:
>
>        I've searched quite a bit but have found nothing on how to get
>        WSS4J to verify the root X509 certificate. Can anyone tell me how or
>        point me to an example?
>
>        I am using WSS4J programmatically (not under Axis) to sign and
>        verify SOAP messages. Using the WSSecSignature and WSSecurityEngine
>        classes I have gotten things working well except that the root
>        certificate is not verified. I have been using a self-signed cert for
>        testing and passing the cert in the BinarySecurityToken. Any
>        certificate seems to be trusted, in fact I can even use an empty
>        keystore on the server.
>
>        Rick Hansen
>
>
>
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: [EMAIL PROTECTED]
    For additional commands, e-mail: [EMAIL PROTECTED]

