ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Freeman Fang (Commented) (JIRA)" <>
Subject [jira] [Commented] (WSS-339) OCSP support
Date Thu, 16 Feb 2012 00:52:59 GMT


Freeman Fang commented on WSS-339:

Hi Colm,

Thanks for your reply.
But this issue is different with the case tracked by WSS-338. 
As this isn't controlled by a system property, it's Security property, so we have to specify
ocsp.enable property in $JAVA_HOME/jre/lib/security/ which will affect whole
JDK or left end user to use Security.setProperty("ocsp.enable", "true") programmatically.

Specify it in $JAVA_HOME/jre/lib/security/ isn't acceptable normally as it will
affect whole JDK, we can easily run into the problem that one JVM process wanna ocsp.enable=true
but the other doesn't.

Also only let end user programmatically use Security.setProperty isn't acceptable too as we
do need provide a configurable way to specify ocsp.enable, that why I introduce  enableOCSP
property for WSHanlder here, so end user can control everything they want just through wss4j
typical configuration way.


Best Regards
> OCSP support
> ------------
>                 Key: WSS-339
>                 URL:
>             Project: WSS4J
>          Issue Type: Improvement
>            Reporter: Freeman Fang
>            Assignee: Colm O hEigeartaigh
>         Attachments: WSS-339.patch
> currently WSS4J already support CRL for revocation check, it would be better that we
can also support OCSP through WSS4J configuration.
> Though we can set ocsp.enable property in $JAVA_HOME/jre/lib/security/ to
enable OCSP but it's effect JVM wide, I'd like to introduce a property in WSHandlerConstants
like enableOCSP which can trigger code like
> Security.setProperty("ocsp.enable", enableOCSP);
> This should be similar with the property enableRevocation,  the logic is
> if (enableRevocation && enableOCSP) {
>     //use OCSP to do revocation check.
> }

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message