From: "Bill Barker"
To: "Tomcat Developers List", "Bruce Keats"
References: <6c0aa95005021213491d9436c5@mail.gmail.com>
Subject: Re: Adding CRL support to the Coyote Connector
Date: Sat, 12 Feb 2005 14:24:08 -0800

----- Original Message -----
From: "Bruce Keats"
To:
Sent: Saturday, February 12, 2005 1:49 PM
Subject: Adding CRL support to the Coyote Connector

> After looking around and asking various people for help, it looks like
> CRLs are not supported in tomcat 5.0.x. There are some workarounds
> but none are very appealing. So rather than devote effort into the
> workaround, I would rather devote the effort in solving the problem
> by adding CRL support into the Coyote Connector.
>
> Are there any plans on adding CRL support in tomcat in the near
> future? Is anyone else looking into adding CRL support to tomcat?
>

I've looked at it for TC 5.5 + JRE 1.5, but it hasn't itched enough to actually get around to implementing it ;-). I'd be happy to review any patch you come up with however.

> If not then I will probably take a stab at trying to implement CRL
> support in the code. Does anyone know why CRLs were not implemented
> in the past? Is there some fundamental issue that I am not aware of?
> It looks like Java supports CRLs in JRE 1.4.2 (don't know about
> previous versions of java).
>

Prior to CertPathTrustManagerParameters in JRE 1.5, it's more work to pass the information to the TrustManager.

> Any pointers to where to add CRL support in the code would be greatly
> appreciated. I am still trying to locate a good place in the code to
> extract the certificates from the TLS connection then run them through
> java.security.cert.X509CRL. If the certificate presented is not valid
> then the connection should be terminated. I am also trying to find
> the best place in the code to load the CRL.
>

Well, o.a.t.u.net.jsse.JSSE14SocketFactory would be the place to start, as the TrustManager is set up there. I suppose that for JRE 1.4 Tomcat could also wrap the TrustManager like it does the KeyManager.

> Any help would be greatly appreciated.
>
> Bruce
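An added worked example of the two routes discussed in this thread; it is not code from the thread or from Tomcat, and the class name CrlTrustManagers, the loadCrl helper with its file-path argument, and the CrlCheckingTrustManager wrapper are all assumptions of the example. pkixWithCrl is the JRE 1.5 route: the CRL goes into PKIXBuilderParameters and reaches the PKIX TrustManager through CertPathTrustManagerParameters, so path validation itself performs the revocation check. CrlCheckingTrustManager is the JRE 1.4 style wrapper around whatever X509TrustManager the factory produced: it lets the delegate validate the chain first and only then consults the CRL. Because X509CRL.isRevoked() only compares serial numbers, the wrapper also checks what a naive call would skip: that the CRL was issued by the certificate's issuer, that the issuer's key actually signed it, and that it is not past its nextUpdate.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

// Example only, not Tomcat code: two ways to make the TrustManager used for
// client-certificate authentication honour a CRL.
public final class CrlTrustManagers {
    // Reads a DER or PEM encoded CRL; the file path is an assumption of the example.
    public static X509CRL loadCrl(String crlFile) throws Exception {
        FileInputStream in = new FileInputStream(crlFile);
        try {
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
        } finally {
            in.close();
        }
    }

    // JRE 1.5 route: hand the CRL to the PKIX TrustManager through
    // CertPathTrustManagerParameters and let path validation do the revocation check.
    public static TrustManager[] pkixWithCrl(KeyStore trustStore, X509CRL crl) throws Exception {
        PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkix.setRevocationEnabled(true); // already the default; stated because it is the point
        pkix.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl))));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));
        return tmf.getTrustManagers();
    }

    // JRE 1.4 route: wrap the X509TrustManager the factory produced and check the CRL
    // only after the delegate has built and validated the chain.
    public static final class CrlCheckingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        private final X509CRL crl;
        public CrlCheckingTrustManager(X509TrustManager delegate, X509CRL crl) {
            this.delegate = delegate;
            this.crl = crl;
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            delegate.checkClientTrusted(chain, authType); // signatures and trust anchor first
            checkRevocation(chain);
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            delegate.checkServerTrusted(chain, authType);
            checkRevocation(chain);
        }
        public X509Certificate[] getAcceptedIssuers() {
            return delegate.getAcceptedIssuers();
        }

        private void checkRevocation(X509Certificate[] chain) throws CertificateException {
            Date nextUpdate = crl.getNextUpdate();
            if (nextUpdate != null && nextUpdate.before(new Date())) {
                throw new CertificateException("CRL is stale, nextUpdate was " + nextUpdate);
            }
            for (int i = 0; i < chain.length; i++) {
                X509Certificate cert = chain[i];
                X500Principal issuerName = cert.getIssuerX500Principal();
                // X509CRL.isRevoked() only compares serial numbers, so first make sure this
                // CRL is the issuer's own and that the issuer really signed it.
                if (!crl.getIssuerX500Principal().equals(issuerName)) continue;
                X509Certificate issuer = findBySubject(issuerName, chain);
                if (issuer == null) issuer = findBySubject(issuerName, delegate.getAcceptedIssuers());
                if (issuer == null) throw new CertificateException("no trusted issuer for " + cert.getSubjectX500Principal());
                try {
                    crl.verify(issuer.getPublicKey());
                } catch (GeneralSecurityException e) {
                    throw new CertificateException("CRL signature check failed: " + e);
                }
                if (crl.isRevoked(cert)) throw new CertificateException("certificate revoked: " + cert.getSubjectX500Principal());
            }
        }

        private static X509Certificate findBySubject(X500Principal subject, X509Certificate[] certs) {
            for (int i = 0; i < certs.length; i++) {
                if (certs[i].getSubjectX500Principal().equals(subject)) return certs[i];
            }
            return null;
        }
    }
}
```

Either result is what the socket factory would pass to SSLContext.init() in place of the TrustManagers it builds today. Two caveats for whoever writes the patch: with setRevocationEnabled(true) the PKIX validator fails closed, so every CA in the path needs a current CRL in the CertStore or otherwise reachable, or client authentication stops working rather than silently skipping the check; and a CRL loaded once at startup goes stale, which is why the wrapper rejects a CRL past its nextUpdate instead of treating "no entry" as "not revoked".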