[jira] [Commented] (QPID-8367) [Broker-J] Trusted CA revocation list

Mon, 27 Jan 2020 07:27:20 -0800 


    [ 
https://issues.apache.org/jira/browse/QPID-8367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17024425#comment-17024425
 ] 

ASF GitHub Bot commented on QPID-8367:
--------------------------------------

alex-rufous commented on issue #44: QPID-8367 [Broker-J] Trusted CA revocation 
list
URL: https://github.com/apache/qpid-broker-j/pull/44#issuecomment-578801454
 
 
   Hi Tomas,
   Thanks for addressing my review comments. My apologies for the delay with 
applying this pull request.
   
   I have an additional question to the implementation of 
`org.apache.qpid.server.security.AbstractTrustStore#getParameters`. If 
attribute 'certificateRevocationListUrl' is set, the other certificate 
revocation check attributes are ignored. Why is that? I cannot find in 
documentation that `java.security.cert.PKIXParameters#addCertStore` and 
`java.security.cert.PKIXParameters#addCertPathChecker` are mutually exclusive. 
It looks like we should be able to add `PKIXRevocationChecker` together with 
not null CLR. Am I missing something here?
   
   Kind Regards,
   Alex
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> [Broker-J] Trusted CA revocation list
> -------------------------------------
>
>                 Key: QPID-8367
>                 URL: https://issues.apache.org/jira/browse/QPID-8367
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Broker-J
>            Reporter: Tomas Vavricka
>            Priority: Major
>             Fix For: qpid-java-broker-8.0.0
>
>
> Qpid Broker-J supports custom CA. When in place clients then can connect with 
> certificate signed by custom CA. 
> However there is no way to reject compromised certificates. Implementation of 
> revocation list for custom CA can solve this issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to