https://bz.apache.org/bugzilla/show_bug.cgi?id=60716

--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Another example of why configuration via system property is just wrong. Sigh.

The call to setRevocationEnabled(false) is necessary when no revocation is
configured since the default is true. Without it, all certs fail validation.

I think the simplest solution is a new JSSE property on SSLHostConfig -
revocationEnabled. It will be ignored / assumed to be true if
certificateRevocationListFile is set. Default will be false (current
behaviour). If you need to configure revocation via proprietary methods for
your JSSE provider then you can do so and set the new attribute to true.

I should have a patch for this shortly.

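The behaviour described in this comment can be seen with the standard JSSE/CertPath API. The following is an added illustration, not Tomcat's code and not the patch mentioned above: the class name, the `build` method and the way CRLs are passed in are assumptions, and only `revocationEnabled` and `certificateRevocationListFile` come from the comment.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import javax.net.ssl.*;

public class RevocationParamsDemo {   // hypothetical class, not Tomcat code

    // crls: entries loaded from certificateRevocationListFile (null or empty if unset).
    // revocationEnabled: the attribute proposed in the comment; its default is false.
    static PKIXBuilderParameters build(KeyStore trustStore,
            Collection<? extends CRL> crls, boolean revocationEnabled) throws Exception {
        PKIXBuilderParameters params =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
        if (crls != null && !crls.isEmpty()) {
            // A CRL file is configured: the attribute is ignored, checking is on.
            params.addCertStore(CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(crls)));
            params.setRevocationEnabled(true);
        } else {
            // No CRLs: without an explicit call the JDK default (true) applies and,
            // as the comment notes, validation fails when no revocation is configured.
            params.setRevocationEnabled(revocationEnabled);
        }
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: copy the JRE's default trust anchors into a KeyStore.
        TrustManagerFactory def =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);
        int i = 0;
        for (X509Certificate ca : ((X509TrustManager) def.getTrustManagers()[0]).getAcceptedIssuers()) {
            ts.setCertificateEntry("ca" + i++, ca);
        }
        System.out.println("JDK default: "
                + new PKIXBuilderParameters(ts, new X509CertSelector()).isRevocationEnabled());
        System.out.println("no CRL file, attribute false: "
                + build(ts, null, false).isRevocationEnabled());
        System.out.println("no CRL file, attribute true: "
                + build(ts, null, true).isRevocationEnabled());
        // The parameters reach JSSE through a PKIX trust manager factory.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(build(ts, null, false)));
        System.out.println("trust managers: " + tmf.getTrustManagers().length);
    }
}
```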