cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bc. Jiří Mikulášek" <jiri.mikula...@aura.cz>
Subject Re: CRL support
Date Mon, 03 Dec 2007 12:28:10 GMT
Thanks a lot I will check it out

On Thursday 29 of November 2007 15:24:57 Fred Dushin wrote:
> See the http-conf:trustDecider in
>
> https://svn.apache.org/repos/asf/incubator/cxf/trunk/rt/transports/
> http/src/main/resources/schemas/configuration/http-conf.xsd
>
> You'll need to implement your own
> org.apache.cxf.transport.http.MessageTrustDecider, but this will get
> called when a connection is established.  Unfortunately, because of
> the design of the Sun JSSE, this is not a hook into the handshake,
> but your trust decider should be called before any application data
> is sent down the pipe.  That's the idea, at any rate.
>
> -Fred
>
> On Nov 28, 2007, at 4:26 PM, Bc. Jiří Mikulášek wrote:
> > thanks, because I really need CRL support is there any way how to
> > handle it on
> > my own - maybe use some interceptor, which will handle it before each
> > connection? If there is such possibility, please can somebody give
> > me few
> > basic hints, where to start what to care and so...?
> >
> > Dne středa 28 listopad 2007 21:32 Fred Dushin napsal(a):
> >> CXF does not have support for CRLs.
> >>
> >> On Nov 28, 2007, at 6:18 AM, Bc. Jiří Mikulášek wrote:
> >>> Hi all,
> >>> can somebody give me a hint how to configure or program CRL
> >>> (certificate
> >>> revocation list) checking before each SSL handshake.
> >>>
> >>> In detail:
> >>> I have this configuration on client:
> >>> <http-conf:conduit
> >>> 		name="{http://..../}portName.http-conduit">
> >>>
> >>> 		<http-conf:client AllowChunking="false" />
> >>> 		<http-conf:tlsClientParameters secureSocketProtocol="SSL">
> >>> 			<sec:trustManagers>
> >>> 	          		<sec:keyStore type="JKS" password="password"
> >>> 	               		url="someurl"/>
> >>> 	      		</sec:trustManagers>
> >>> 			<sec:keyManagers keyPassword="password">
> >>> 	          		<sec:keyStore type="JKS" password="password"
> >>> 	               		url="someurl"/>
> >>>
> >>> 	  		</sec:keyManagers>
> >>> 		</http-conf:tlsClientParameters>
> >>>
> >>> which causes ssl communication, but before each connection I would
> >>> like to
> >>> check all certificates i keystores for revocation according some
> >>> CRL on
> >>> filesystem
> >>>
> >>>
> >>> thanks for any advice
> >>> --
> >>> Jiri Mikulasek
> >>> ---------------------------------
> >>> Developer
> >>>
> >>> AURA, s.r.o.
> >>> Uvoz 499/56; 602 00 Brno
> >>> ISO 9001 certified company
> >>> AQAP 2110 (ČOS 051622)
> >>> tel./fax: +420 544 508 115
> >>> e-mail:  mikulasek@aura.cz
> >>> http://www.aura.cz
> >>> ---------------------------------



-- 
Jiri Mikulasek
---------------------------------
Developer

AURA, s.r.o.
Uvoz 499/56; 602 00 Brno
ISO 9001 certified company
AQAP 2110 (ČOS 051622)
tel./fax: +420 544 508 115
e-mail:  mikulasek@aura.cz
http://www.aura.cz
---------------------------------

Mime
View raw message