DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=35932>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=35932

Summary: document/support OCSP and CRL checking via certificate CDPs (Certificate Revocation)
Product: HttpClient
Version: Nightly Builds
Platform: Other
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Commons HttpClient
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]

From what I see, this is not yet supported: am I connecting to a correct https server with a non-revoked key/certificate?

It would be great if the http-client did such revocation checking as per the CDPs/OCSPs that might be listed in its certificate(-path).

While at least some basic CRL support is available since JDK1.4, OCSP only appears to have been added in 1.5 (and unfortunately it looks like this is mainly done on a global basis and thus not necessarily always thread-safe - http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html).

Promising complementary open source building blocks appear to be available in http://www.bouncycastle.org/devmailarchive/msg03437.html and http://www.bouncycastle.org/devmailarchive/msg03459.html, ...

I guess one approach might be to extend Oleg's nice AuthSSLProtocolSocketFactory to make sure that revoked server certificates that pass the PKIX cert-path validation, etc. are blocked according to the CDPs/OCSPs/Netscape Revocation URLs(Thawte).

Too bad we missed the Google Summer of Code (http://wiki.apache.org/general/SummerOfCode2005) with this ;)

Similar RFE for SOAP is http://issues.apache.org/jira/browse/AXIS-2154
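The kind of check the report asks for can be sketched with the standard JSSE and CertPath APIs. This is an added example, not code from the report or from HttpClient; the class name `RevocationCheckingSocketFactory` is hypothetical, and it assumes the Sun PKIX provider, whose JVM-wide `ocsp.enable` and `com.sun.security.enableCRLDP` properties are the global switches mentioned above.

```java
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.*;

// Hypothetical class name; illustration only, not part of HttpClient.
public final class RevocationCheckingSocketFactory {

    /** SSLSocketFactory whose PKIX path validation also checks revocation (OCSP and CRL). */
    public static SSLSocketFactory create() throws Exception {
        // JVM-wide switches of the Sun PKIX provider: they affect every validation in the process.
        Security.setProperty("ocsp.enable", "true");                // OCSP responder from the AIA extension
        System.setProperty("com.sun.security.enableCRLDP", "true"); // fetch CRLs from the certificate's CDPs

        // Reuse the JRE's default trust anchors.
        TrustManagerFactory def = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : def.getTrustManagers())
            if (tm instanceof X509TrustManager)
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers())
                    anchors.add(new TrustAnchor(ca, null));

        PKIXBuilderParameters pkix = new PKIXBuilderParameters(anchors, new X509CertSelector());
        pkix.setRevocationEnabled(true); // a revoked certificate in the path now fails validation

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        String host = args[0]; // HTTPS server to test, supplied by the caller
        try (SSLSocket s = (SSLSocket) create().createSocket(host, 443)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also verify the host name
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("handshake OK: path validated with revocation checking on");
        } catch (SSLHandshakeException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Wiring the resulting factory into an HttpClient `ProtocolSocketFactory` is not shown. Because the two properties are process-wide, they belong in application start-up rather than per connection.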
