[WSS-278] verifyTrust in Crypto should use CRLs as well - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.6
Fix Version/s: 1.6.1
Component/s: WSS4J Core
Labels:
None
Environment:
all

Description

The trust chain is validated without checking the CRLs. It is done this way, because Merlin does not check the CRLs as well. But it could be done by using CertPathValidator with proper parameters:
java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(...);
params.setRevocationEnabled(true);

It would be nice, if th verifyTrust-Method in Crypto would provide the functionality of checking the CRLs. Or a new method (validateTrustWithCRLs(...) ?) would be created.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Marcin Markiewicz

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Apr/11 17:21

Updated:: 03/Jun/11 16:40

Resolved:: 30/May/11 14:12