[EMAIL PROTECTED] wrote:
That's great! If it contains the client IP and certificate chain, then it
certainly should meet my needs. The certificate DN matching also sounds very
useful, but for now, I can just check the certfiicate information for the
matching that I need.
One thing that I've been struggling with though is to get the SSL Socket Factory to include the use of a CRL file in the trust manager. It works ok when the server socket initializes, but I have not been able to to refresh the CRL data dynamically. If you have any ideas about that or think it's a worthwhile addtion, I can add it is an enhancement request.
Thanks for your efforts!
Please file an RFE for the dynamic CRL refresh. And if you can provide a
patch that's even better. I don't know how the CRL handling is done in
Java so I wouldn't really know where to start :-)
/niklas
