Return-Path: 
 <cxf-user-return-4551-apmail-incubator-cxf-user-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-cxf-user-archive@locus.apache.org
Received: (qmail 6665 invoked from network); 3 Dec 2007 12:29:46 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 3 Dec 2007 12:29:46 -0000
Received: (qmail 39901 invoked by uid 500); 3 Dec 2007 12:29:33 -0000
Delivered-To: apmail-incubator-cxf-user-archive@incubator.apache.org
Received: (qmail 39849 invoked by uid 500); 3 Dec 2007 12:29:33 -0000
Mailing-List: contact cxf-user-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:cxf-user-help@incubator.apache.org>
List-Unsubscribe: <mailto:cxf-user-unsubscribe@incubator.apache.org>
List-Post: <mailto:cxf-user@incubator.apache.org>
List-Id: <cxf-user.incubator.apache.org>
Reply-To: cxf-user@incubator.apache.org
Delivered-To: mailing list cxf-user@incubator.apache.org
Received: (qmail 39839 invoked by uid 99); 3 Dec 2007 12:29:33 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Dec 2007 04:29:33 -0800
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy)
Received: from [85.207.59.10] (HELO aura.cz) (85.207.59.10)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Dec 2007 12:29:12 +0000
Received: (qmail 29316 invoked by uid 621); 3 Dec 2007 12:24:14 -0000
Received: from 192.168.1.220 by server1.uvoz.aura.cz (envelope-from
 <jiri.mikulasek@aura.cz>, uid 502) with qmail-scanner-2.01
 (avgd: ???. spamassassin: 3.2.0.  
 Clear:RC:1(192.168.1.220):.
 Processed in 0.077728 secs); 03 Dec 2007 12:24:14 -0000
Received: from ws220.uvoz.aura.cz ([192.168.1.220])
          (envelope-sender <jiri.mikulasek@aura.cz>)
          by aura.cz (qmail-ldap-1.03) with SMTP
          for <cxf-user@incubator.apache.org>; 3 Dec 2007 12:24:13 -0000
From: "Bc. =?utf-8?q?Ji=C5=99=C3=AD?= =?utf-8?q?_Mikul=C3=A1=C5=A1ek?="
 <jiri.mikulasek@aura.cz>
Organization: AURA
To: cxf-user@incubator.apache.org
Subject: Re: CRL support
Date: Mon, 3 Dec 2007 13:28:10 +0100
User-Agent: KMail/1.9.6
References: <200711281218.09525.jiri.mikulasek@aura.cz>
 <200711282226.38864.jiri.mikulasek@aura.cz>
 <E791F6DA-980E-4BDF-A4B5-2B1BD365CE87@dushin.net>
In-Reply-To: <E791F6DA-980E-4BDF-A4B5-2B1BD365CE87@dushin.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200712031328.10530.jiri.mikulasek@aura.cz>
X-Virus-Checked: Checked by ClamAV on apache.org

Thanks a lot I will check it out

On Thursday 29 of November 2007 15:24:57 Fred Dushin wrote:
> See the http-conf:trustDecider in
>
> https://svn.apache.org/repos/asf/incubator/cxf/trunk/rt/transports/
> http/src/main/resources/schemas/configuration/http-conf.xsd
>
> You'll need to implement your own
> org.apache.cxf.transport.http.MessageTrustDecider, but this will get
> called when a connection is established.  Unfortunately, because of
> the design of the Sun JSSE, this is not a hook into the handshake,
> but your trust decider should be called before any application data
> is sent down the pipe.  That's the idea, at any rate.
>
> -Fred
>
> On Nov 28, 2007, at 4:26 PM, Bc. Ji=C5=99=C3=AD Mikul=C3=A1=C5=A1ek wrote:
> > thanks, because I really need CRL support is there any way how to
> > handle it on
> > my own - maybe use some interceptor, which will handle it before each
> > connection? If there is such possibility, please can somebody give
> > me few
> > basic hints, where to start what to care and so...?
> >
> > Dne st=C5=99eda 28 listopad 2007 21:32 Fred Dushin napsal(a):
> >> CXF does not have support for CRLs.
> >>
> >> On Nov 28, 2007, at 6:18 AM, Bc. Ji=C5=99=C3=AD Mikul=C3=A1=C5=A1ek wr=
ote:
> >>> Hi all,
> >>> can somebody give me a hint how to configure or program CRL
> >>> (certificate
> >>> revocation list) checking before each SSL handshake.
> >>>
> >>> In detail:
> >>> I have this configuration on client:
> >>> <http-conf:conduit
> >>> 		name=3D"{http://..../}portName.http-conduit">
> >>>
> >>> 		<http-conf:client AllowChunking=3D"false" />
> >>> 		<http-conf:tlsClientParameters secureSocketProtocol=3D"SSL">
> >>> 			<sec:trustManagers>
> >>> 	          		<sec:keyStore type=3D"JKS" password=3D"password"
> >>> 	               		url=3D"someurl"/>
> >>> 	      		</sec:trustManagers>
> >>> 			<sec:keyManagers keyPassword=3D"password">
> >>> 	          		<sec:keyStore type=3D"JKS" password=3D"password"
> >>> 	               		url=3D"someurl"/>
> >>>
> >>> 	  		</sec:keyManagers>
> >>> 		</http-conf:tlsClientParameters>
> >>>
> >>> which causes ssl communication, but before each connection I would
> >>> like to
> >>> check all certificates i keystores for revocation according some
> >>> CRL on
> >>> filesystem
> >>>
> >>>
> >>> thanks for any advice
> >>> --
> >>> Jiri Mikulasek
> >>> ---------------------------------
> >>> Developer
> >>>
> >>> AURA, s.r.o.
> >>> Uvoz 499/56; 602 00 Brno
> >>> ISO 9001 certified company
> >>> AQAP 2110 (=C4=8COS 051622)
> >>> tel./fax: +420 544 508 115
> >>> e-mail:  mikulasek@aura.cz
> >>> http://www.aura.cz
> >>> ---------------------------------



=2D-=20
Jiri Mikulasek
=2D--------------------------------
Developer

AURA, s.r.o.
Uvoz 499/56; 602 00 Brno
ISO 9001 certified company
AQAP 2110 (=C4=8COS 051622)
tel./fax: +420 544 508 115
e-mail: =C2=A0mikulasek@aura.cz
http://www.aura.cz
=2D--------------------------------