tomcat-dev mailing list archives

Subject [Bug 53940] New: Added support for new CRL loading after expiration
Date Thu, 27 Sep 2012 14:54:00 GMT

          Priority: P2
            Bug ID: 53940
           Summary: Added support for new CRL loading after expiration
          Severity: enhancement
    Classification: Unclassified
                OS: All
          Hardware: PC
            Status: NEW
           Version: 1.1.24
         Component: Library
           Product: Tomcat Native

Created attachment 29426
CRL reloading support.

Apache Tomcat with tcnative loads the CRL list when it starts up, and ignores
any following updates. The use of OCSP can help this issue to be amortized.
However, the issue comes back again when the CRL expires, and Apache Tomcat
refuses to complete any more requests because of the expired CRL.

With this patch, it is possible to reload the new CRL when the previous one
expires. For more information about the patch please have a look at:

It would be nice to include it in the main Tomcat Tree, since together with the
OCSP support, it is possible to have fast and stable cert verification to be
used with client authentication.
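
The reload-on-expiry behaviour described in this report, sketched as an added example that is not part of the bug report, its attached patch, or the Tomcat Native source. All names (`crl_info`, `crl_store`, `crl_store_check`, `load_from_disk`) are hypothetical, and the CRL is modelled by its CRL number and nextUpdate time only, with no OpenSSL parsing. It goes slightly beyond the report by throttling reload attempts and rejecting a replacement that is older or already expired, so verification fails closed.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical model: only the CRL fields the reload decision needs. */
typedef struct { long number; time_t next_update; } crl_info;
typedef int (*crl_loader)(crl_info *out);   /* returns 1 if a CRL was loaded */

typedef struct {
    crl_info   current;                     /* CRL loaded at startup */
    crl_loader load;                        /* re-reads the CRL source */
    time_t     last_attempt, retry_interval;/* throttle for reload attempts */
} crl_store;

enum { CRL_OK = 0, CRL_EXPIRED = -1 };

/* Run before each client-certificate verification. Fails closed. */
int crl_store_check(crl_store *s, time_t now) {
    crl_info fresh;
    if (now < s->current.next_update) return CRL_OK;   /* still valid */
    if (now - s->last_attempt < s->retry_interval)
        return CRL_EXPIRED;                            /* tried too recently */
    s->last_attempt = now;
    if (!s->load(&fresh)) return CRL_EXPIRED;          /* source unreadable */
    if (fresh.number <= s->current.number)
        return CRL_EXPIRED;                            /* same or older CRL */
    if (now >= fresh.next_update) return CRL_EXPIRED;  /* replacement expired too */
    s->current = fresh;                                /* swap in the new CRL */
    return CRL_OK;
}

/* Constructed sample data: the CRL the CA currently publishes. */
static crl_info on_disk;
static int load_from_disk(crl_info *out) { *out = on_disk; return 1; }

/* Walks the scenario with constructed times (plain second counts);
   each expected outcome sets one bit of the result. */
int demo(void) {
    crl_store s = { { 7, 1000 }, load_from_disk, 0, 60 };
    int r = 0;
    on_disk = (crl_info){ 7, 1000 };                      /* same CRL as loaded */
    r |= (crl_store_check(&s, 900)  == CRL_OK)      << 0; /* valid after startup */
    r |= (crl_store_check(&s, 1000) == CRL_EXPIRED) << 1; /* expired, nothing newer */
    on_disk = (crl_info){ 8, 2000 };                      /* CA publishes CRL 8 */
    r |= (crl_store_check(&s, 1030) == CRL_EXPIRED) << 2; /* inside retry window */
    r |= (crl_store_check(&s, 1060) == CRL_OK)      << 3; /* reloaded, serving again */
    return r;
}

int main(void) { printf("outcomes=0x%x\n", demo()); return 0; }
```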
