https://bz.apache.org/bugzilla/show_bug.cgi?id=66684
DigitalCat <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #10 from DigitalCat <[email protected]> --- Recently, I found another problem. I used the self-made crl file, configured crlFile in server.xml, and then used the curl command to access and carry the corresponding cert file. Tomcat did not find that the certificate was revoked. Instead, I use the custom sslImplementation and configure sslImplementationName in server.xml. We use sun.security.x509.X509CRLImpl#isRevoked to check the certificate, and this interface returns that the certificate is indeed revoked. We want to know whether Tomcat's verification of certificate revocation is complete. I will add the crl method in the following replies, and the certificate file content I generated. Because I cannot upload the file directly, I will paste the file content, fortunately these files are text files. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
