tomcat-dev mailing list archives

From bugzi...@apache.org
Subject [Bug 53940] New: Added support for new CRL loading after expiration
Date Thu, 27 Sep 2012 14:54:00 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53940

          Priority: P2
            Bug ID: 53940
          Assignee: dev@tomcat.apache.org
           Summary: Added support for new CRL loading after expiration
          Severity: enhancement
    Classification: Unclassified
                OS: All
          Reporter: arisg@noc.edunet.gr
          Hardware: PC
            Status: NEW
           Version: 1.1.24
         Component: Library
           Product: Tomcat Native

Created attachment 29426
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29426&action=edit
CRL reloading support.

Apache Tomcat with tcnative loads the CRL list when it starts up, and ignores
any following updates. The use of OCSP can help this issue to be amortized.
However, the issue comes back again when the CRL expires, and Apache Tomcat
refuses to complete any more requests because of the expired CRL.

With this patch, it is possible to reload the new CRL when the previous one
expires. For more information about the patch please have a look at:
http://code.uoa.gr/p/tomcat-ocsp/reload.php

It would be nice to include it in the main Tomcat Tree, since together with the
OCSP support, it is possible to have fast and stable cert verification to be
used with client authentication.
