https://bz.apache.org/bugzilla/show_bug.cgi?id=66684

--- Comment #5 from Christopher Schultz <ch...@christopherschultz.net> ---
Blank-file with enforce-revocation=true should be considered a case of "I do
want to enforce revocation but I don't (yet?) have any revoked certificates",
and therefore all connections should be allowed.

But I'm not sure I'm in favor of this patch as written.

It would be better to configure the CRL properly so that it does not cause
failures, rather than simply disabling revocation-checking.

A facility which reloads the CRL may fail to reset the revocation-checking
flag. If getParameters is guaranteed to be called again to generate the
CertPathParameters any time the CRL is re-loaded, then I think this is okay.
