https://bz.apache.org/bugzilla/show_bug.cgi?id=60716
--- Comment #2 from Kirill <kego...@gmail.com> --- (In reply to Remy Maucherat from comment #1) > Ok, I see r1757578 added an explicit setRevocationEnabled(false). I think > this may need to be improved. > > But overall I think this won't be reverted, as the use and continued support > of proprietary system properties like that is never good nor guaranteed. > Especially since it's JVM wide while we now need to have per vhost > configuration, in case you haven't noticed. I agree, that these properties are proprietary. But without such properties I can't check certificate revocation using CRLDP. Also OCSP check doesn't work too... And there is no backward compatibility with tomcat 7.x and 8.0.x. Of cause, it's possible to implement my own TrustManager and check CRL and OCSP there. But this way is quite complicated. Why you can't remove setRevocationEnabled(false) in the else section or parameterize it? Without it default jvm configuration will be used, so user can enable/disable revocation check using jvm properties. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
