Sounds good! any volunteers :) -- dims
On 8/14/06, David Del Vecchio <[EMAIL PROTECTED]> wrote:
This does seem like it would be useful functionality. Perhaps we can add path validation support, but make it configurable with a switch so that applications that need it can take advantage of it, but those that don't (or need custom processing) are unaffected. David On Mon, 14 Aug 2006 07:48:33 -0500 <[EMAIL PROTECTED]> wrote: > Wow, that is very suprising. Admittedly I am a security novice, but > I assumed verifying tbe root CA would be basic included, if not > required, functionality. Thanks for the heads up anyway. > > -----Original Message----- > From: Werner Dittmann [mailto:[EMAIL PROTECTED] Sent: > Saturday, August 12, 2006 1:41 AM > To: Hansen, Rick (TLR Corp) > Cc: [email protected] > Subject: Re: How to verify root certificate? > > Richard, > that's correct. WSS4J does not perform the certificate > verification. The WSS4J Axis handlers have some code that perform a > basic certificate path verification. This was done because certificate > path verification is sometime not necessary for basic security > (encryption). WSS4J returns > the certificate used for signature verification to the calling > application (WSSecurityEngine does this). > > Regards, > Werner > > [EMAIL PROTECTED] wrote: > > I've searched quite a bit but have found nothing on how to get > WSS4J to verify the root X509 certificate. Can anyone tell me how or > point me to an example? > > I am using WSS4J programatically (not under Axis) to sign and > verify SOAP messages. Using the WSSecSignature and WSSecurityEngine > classes I > > > have gotten thing things working well except that the root > certificate > > > is not verified. I have been using a self-signed cert for > testing and passing the cert in the BinarySecurityToken. Any > certificate seems to be trusted, in fact I can even use an empty > keystore on the server. > > Rick Hansen > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Davanum Srinivas : http://www.wso2.net (Oxygen for Web Service Developers) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
