Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.6
-
None
-
all
Description
The trust chain is validated without checking the CRLs. It is done this way, because Merlin does not check the CRLs as well. But it could be done by using CertPathValidator with proper parameters:
java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(...);
params.setRevocationEnabled(true);
It would be nice, if th verifyTrust-Method in Crypto would provide the functionality of checking the CRLs. Or a new method (validateTrustWithCRLs(...) ?) would be created.