[jboss-user] [Security & JAAS/JBoss] - Re: JBOSS Support for CRL

anil.saldhana@jboss.com do-not-reply at jboss.com
Wed Jul 23 05:47:26 EDT 2008


I am guessing that what you are referring to is the "crlFile" setting on the JSSE Connector in tomcat server.xml.  Is that correct?

The current implementation of the tomcat socket factory does a load of the crl file when tomcat starts. 
http://svn.apache.org/repos/asf/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSE15SocketFactory.java

This is the classic problem in the tomcat infrastructure: any change to server.xml, including any files that may be related to the tomcat server configuration, requires a restart.

For JBoss, we have had a feature request for a long time now.
https://jira.jboss.org/jira/browse/JBAS-3019
Vote on this JIRA issue if you want to raise the priority.

What is really needed is a JBoss version of the JDK TrustManager implementation that can lazily load CRL files and can be plugged in at the JVM level, such that not only the https layer but also RMI/SSL etc. can make use of CRL validation.
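
A sketch of the kind of trust manager described above, added here as an illustration and not code from JBoss, Tomcat or the author of this post: it wraps the JDK PKIX trust manager and rebuilds it whenever the CRL file's modification time changes, so a refreshed CRL takes effect without a restart. The class name `ReloadingCrlTrustManager`, the CRL path and the pre-loaded trust store are assumptions, and it uses Java 7+ file APIs.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import javax.net.ssl.*;

/** Added example: X509TrustManager that re-reads a CRL file when its timestamp changes. */
public final class ReloadingCrlTrustManager implements X509TrustManager {
    private final KeyStore trustStore;   // trusted CA certificates (assumed already loaded)
    private final Path crlPath;          // PEM or DER CRL file; location is an assumption
    private X509TrustManager delegate;   // PKIX trust manager built from the current CRL
    private long loadedMtime = -1;       // mtime of the CRL file the delegate was built from

    public ReloadingCrlTrustManager(KeyStore trustStore, Path crlPath) {
        this.trustStore = trustStore;
        this.crlPath = crlPath;
    }
    // Rebuild the delegate only if the CRL file changed since the last check.
    private synchronized X509TrustManager current() throws CertificateException {
        try {
            long mtime = Files.getLastModifiedTime(crlPath).toMillis();
            if (delegate == null || mtime != loadedMtime) {
                Collection<? extends CRL> crls;
                try (InputStream in = Files.newInputStream(crlPath)) {
                    crls = CertificateFactory.getInstance("X.509").generateCRLs(in);
                }
                PKIXBuilderParameters pkix =
                    new PKIXBuilderParameters(trustStore, new X509CertSelector());
                pkix.setRevocationEnabled(true);   // revoked or unverifiable certs are rejected
                pkix.addCertStore(CertStore.getInstance(
                    "Collection", new CollectionCertStoreParameters(crls)));
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
                tmf.init(new CertPathTrustManagerParameters(pkix));
                delegate = (X509TrustManager) tmf.getTrustManagers()[0];
                loadedMtime = mtime;
            }
            return delegate;
        } catch (Exception e) {
            // Fail closed: an unreadable or malformed CRL rejects the handshake.
            throw new CertificateException("CRL reload failed: " + crlPath, e);
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { current().checkClientTrusted(chain, authType); }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { current().checkServerTrusted(chain, authType); }
    @Override public X509Certificate[] getAcceptedIssuers() {
        try { return current().getAcceptedIssuers(); }
        catch (CertificateException e) { return new X509Certificate[0]; }
    }
}
```

With revocation checking enabled, the PKIX validator needs a current CRL from the issuer of each certificate in the chain, so the file must carry CRLs for every issuing CA involved. An instance can be passed to `SSLContext.init` to cover any JSSE consumer in the JVM, not only the https connector.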
