  1. WSS4J
  2. WSS-278

verifyTrust in Crypto should use CRLs as well

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6
    • Fix Version/s: 1.6.1
    • Component/s: WSS4J Core
    • Labels:
      None
    • Environment:
      all

      Description

      The trust chain is validated without checking the CRLs. It is done this way because Merlin does not check the CRLs either. But it could be done by using CertPathValidator with proper parameters:
      java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(...);
      params.setRevocationEnabled(true);

      It would be nice if the verifyTrust method in Crypto provided the functionality of checking the CRLs, or if a new method (validateTrustWithCRLs(...)?) were created.
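
The approach proposed in the description, written out as an added example; it is not part of the issue and not WSS4J's or Merlin's code. It validates a chain with the JDK's PKIX CertPathValidator with revocation enabled and the CRLs supplied through a Collection CertStore. The class name CrlTrustCheck, the method verifyTrustWithCrls and the four file arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public class CrlTrustCheck { // hypothetical class, not a WSS4J type

    /** Validates chain (leaf first, trust anchor not included) against trustStore, consulting crls. */
    static PKIXCertPathValidatorResult verifyTrustWithCrls(
            List<X509Certificate> chain, KeyStore trustStore, Collection<X509CRL> crls)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(chain);

        // Trust anchors are the trusted-certificate entries of the keystore.
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(true);
        // Hand the validator the CRLs it is allowed to consult.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(crls)));

        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        return (PKIXCertPathValidatorResult) validator.validate(path, params);
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <truststore> <password> <crl file> <certificate chain file>
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) { ts.load(in, args[1].toCharArray()); }
        List<X509CRL> crls = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (CRL c : cf.generateCRLs(in)) crls.add((X509CRL) c);
        }
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[3])) {
            for (Certificate c : cf.generateCertificates(in)) chain.add((X509Certificate) c);
        }
        try {
            verifyTrustWithCrls(chain, ts, crls);
            System.out.println("trusted, not revoked");
        } catch (CertPathValidatorException e) {
            // getReason() separates REVOKED from UNDETERMINED_REVOCATION_STATUS, EXPIRED, etc.
            System.out.println("rejected: " + e.getReason() + " at index " + e.getIndex());
        }
    }
}
```

With revocation enabled, the JDK's default PKIX validator rejects a certificate whose status it cannot determine, so a missing CRL for any issuer in the chain fails validation instead of being skipped.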

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              marcin.markiewicz Marcin Markiewicz