I am really not sure what is involved...as I have not done all the necessary
research.

My understanding is that the location of the revocation server is built into
the certificates themselves somehow.

Several months ago I looked around, and thought I saw where you did the
certificate validation.  I believe it was done manually, not using the
standard Java APIs.  (My assumption was that this functionality pre-dated
the Java API.)

I was hoping that all that would be involved would be to locate that area
and try to use the Java certificate validation APIs instead of these custom
ones.  Then, hopefully the OCSP stuff would just work.

There is a lot of "Hope" in this, but hey, it's Christmas! :)

Mark
 
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yoav
Shapira
Sent: Friday, December 08, 2006 3:26 PM
To: Tomcat Developers List
Subject: Re: Tomcat and OCSP

Hi,
Wouldn't you need OCSP revocation handling at the SSL connector processing
point?  That's the patch I was thinking of, but I'm not an expert in this
area, so I might be off-base.

Yoav

On 12/8/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
> is a patch even required? or is OCSP something you just turn on since
> it's built into the JDK?
> Mark, do you have any more details what this would involve?
> Filip
>
> Yoav Shapira wrote:
> > Mark,
> > If you submit a patch for OCSP support, I'll gladly review it, and I 
> > imagine several other people would be interested as well.
> >
> > Yoav
> >
> > On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:
> >> I asked this on the user list, but perhaps this is a question 
> >> better for here.  I have been using Tomcat for a while, but have 
> >> not been developing yet really (although I did submit a patch a 
> >> while ago to the CGIServlet).
> >> However, this OCSP issue has potential to really hit the fan for us 
> >> and if there is something that needs to be done, I would like to 
> >> try.
> >>
> >> -----Original Message-----
> >>
> >> Now that I see Tomcat 6.0 is on its way, I was wondering if OCSP 
> >> is going to be included?  This is being required by more and more 
> >> people these days (like the US government).
> >>
> >> If there are no plans to include it yet, how can this issue be 
> >> escalated?  I see that OCSP support is bundled into the new JDKs, 
> >> does this mean that it would not be too difficult for an 
> >> enterprising (and desperate) developer to tackle?
> >>
> >> Mark
> >>
> >> -----Original Message-----
> >> From: Velpi [mailto:[EMAIL PROTECTED]
> >> Sent: Monday, July 31, 2006 4:33 AM
> >> To: Tomcat Users List
> >> Subject: Re: Tomcat and OCSP
> >>
> >> > Does the new support for OCSP in Java 5.0 have any impact on how 
> >> > certificates are handled in Tomcat?
> >> > http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
> >> >
> >> > It looks like it might just work if it is set up right in the 
> >> > java property files.  I checked the mailing list archives and 
> >> > found a few old references to OCSP, but nothing definitive.  Any 
> >> > guidance would be greatly appreciated.
> >>
> >> I'm trying to set this up too. Did you get it up and running 
> >> properly yet? (any hints?)
> >>
> >>
> >> -- Velpi
> >>
> >> ---------------------------------------------------------------------
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
