https://issues.apache.org/bugzilla/show_bug.cgi?id=45392
Summary: No OCSP support for client SSL verification
Product: Tomcat 6
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Keywords: PatchAvailable
Severity: normal
Priority: P2
Component: Connectors
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
Created an attachment (id=22251)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22251)
patch to add basic support for OCSP
Standalone tocmat (tomcat6) with apr support (tcnative 1.1.13) has no support
for OCSP checking in the certificates even if the certificates have OCSP
information. This permits clients with revoked certificates to use them as
authentication method. The following patch that is attached adds basic
functionality for OCSP support to prevent this type of attack. (patch made
against tomcat native 1.1.13).
More info http://email.uoa.gr/projects/misc/tomcat-ocsp/
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
