https://bz.apache.org/bugzilla/show_bug.cgi?id=60716
--- Comment #5 from Kirill <kego...@gmail.com> --- (In reply to Mark Thomas from comment #3) > Another example of why configuration via system property is just wrong. Sigh. > > The call to setRevocationEnabled(false) is necessary when no revocation is > configured since the default is true. Without it, all certs fail validation. > > I think the simplest solution is a new JSSE property on SSLHostConfig - > revocationEnabled. It will be ignored / assumed to be true if > certificateRevocationListFile is set. Default will be false (current > behaviour). If you need to configure revocation via proprietary methods for > your JSSE provider then you can do so and set the new attribute to true. > > I should have a patch for this shortly. Agree with you. Thank you. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
