tomcat-dev mailing list archives

From: Bruce Keats <bruceke...@gmail.com>
Subject: Adding CRL support to the Coyote Connector
Date: Sat, 12 Feb 2005 21:49:59 GMT

After looking around and asking various people for help, it looks like
CRLs are not supported in Tomcat 5.0.x.  There are some workarounds
but none are very appealing.  So rather than devote effort into the
workaround, I would rather devote the effort in solving the problem
by adding CRL support into the Coyote Connector.

Are there any plans on adding CRL support in Tomcat in the near
future?  Is anyone else looking into adding CRL support to Tomcat?

If not then I will probably take a stab at trying to implement CRL
support in the code.  Does anyone know why CRLs were not implemented
in the past?  Is there some fundamental issue that I am not aware of? 
It looks like Java supports CRLs in JRE 1.4.2 (don't know about
previous versions of Java).

Any pointers to where to add CRL support in the code would be greatly
appreciated.  I am still trying to locate a good place in the code to
extract the certificates from the TLS connection then run them through
java.security.cert.X509CRL.  If the certificate presented is not valid
then the connection should be terminated.  I am also trying to find
the best place in the code to load the CRL.

Any help would be greatly appreciated.

Bruce
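
The check the message describes (take the client chain from the TLS handshake, test it against a java.security.cert.X509CRL, and abort the connection if it is revoked), written as an added example that is not part of the original post and is not Tomcat code. The class name CrlCheckingTrustManager, wrapping the JSSE trust manager, and rejecting clients once the CRL is past its nextUpdate are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Date;
import javax.net.ssl.X509TrustManager;

// Hypothetical class: wraps the trust manager JSSE builds from the truststore.
public class CrlCheckingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;
    private final X509CRL crl;

    public CrlCheckingTrustManager(X509TrustManager delegate, X509CRL crl) throws CRLException {
        this.delegate = delegate;
        this.crl = crl;
        // Accept the CRL only if a trusted CA with the same name signed it.
        boolean signed = false;
        for (X509Certificate ca : delegate.getAcceptedIssuers()) {
            if (!ca.getSubjectX500Principal().equals(crl.getIssuerX500Principal())) continue;
            try { crl.verify(ca.getPublicKey()); signed = true; break; }
            catch (GeneralSecurityException e) { /* try the next CA with this name */ }
        }
        if (!signed) throw new CRLException("CRL is not signed by a trusted CA");
    }

    // Loads a DER- or PEM-encoded CRL; the path is supplied by the caller.
    public static X509CRL loadCrl(String path) throws IOException, GeneralSecurityException {
        try (InputStream in = new FileInputStream(path)) {
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType); // normal path validation first
        Date next = crl.getNextUpdate();
        // Assumption: a stale CRL fails closed rather than letting clients through.
        if (next != null && next.before(new Date()))
            throw new CertificateException("CRL is past nextUpdate; refusing client certificates");
        for (X509Certificate cert : chain) {
            // A CRL only speaks for certificates issued by its own issuer.
            if (cert.getIssuerX500Principal().equals(crl.getIssuerX500Principal()) && crl.isRevoked(cert))
                throw new CertificateException("Revoked certificate, serial " + cert.getSerialNumber());
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

A CertificateException thrown from checkClientTrusted makes JSSE fail the handshake, which is the "connection should be terminated" behaviour the message asks for.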
