[
https://issues.apache.org/jira/browse/WSS-71?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ruchith Udayanga Fernando updated WSS-71:
-----------------------------------------
Description:
validateCertPath() must look into the CA certs available in
{java.home}/lib/security/cacerts keystore in certificate path validation.
Otherwise we will have to manually copy the CA certs into the keystore
Also we will have to update the creation of the certificate chain in
verifyTrust() of WSHandler to makesure that we don't include the trust anchors
in the cert path. [1]
[1] http://archives.java.sun.com/cgi-bin/wa?A2=ind0212&L=java-security&P=1411
was:
validateCertPath() must look into the CA certs available in
{java.home}/lib/security/cacerts keystorein certificate path validation.
Otherwise we will have to manually copy the CA certs into the keystore
Also we will have to update the creation of the certificate chain in
verifyTrust() of WSHandler to makesure that we don't include the trust anchors
in the cert path. [1]
[1] http://archives.java.sun.com/cgi-bin/wa?A2=ind0212&L=java-security&P=1411
> Improve Merlin to use cacerts in validateCertPath()
> ---------------------------------------------------
>
> Key: WSS-71
> URL: https://issues.apache.org/jira/browse/WSS-71
> Project: WSS4J
> Issue Type: Improvement
> Reporter: Ruchith Udayanga Fernando
> Assigned To: Ruchith Udayanga Fernando
> Priority: Blocker
>
> validateCertPath() must look into the CA certs available in
> {java.home}/lib/security/cacerts keystore in certificate path validation.
> Otherwise we will have to manually copy the CA certs into the keystore
> Also we will have to update the creation of the certificate chain in
> verifyTrust() of WSHandler to makesure that we don't include the trust
> anchors in the cert path. [1]
> [1] http://archives.java.sun.com/cgi-bin/wa?A2=ind0212&L=java-security&P=1411
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
