I posted a request for help regarding an issue with configuration of CRL for
HTTPS connector on the users list but haven't receive any insights on the
matter. I am re-posting the message with summary information in hope that
someone on the dev list can help.
* * *
Up to Tomcat 7.0.10, I used the crlFile configuration along with the SunX509
algorithm in SSL HTTP connector configuration in server.xml. However, when I
start Tomcat 7.0.11, 7.0.14 or 7.0.16 with the same configuration, I get the
following error:
Jun 16, 2011 12:22:22 PM org.apache.coyote.
AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-bio-8443"]
java.io.IOException: CRLs not supported for type: SunX509
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:476)
...
Caused by: java.io.IOException: CRLs not supported for type: SunX509
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:476)
at org.apache.tomcat.util.net.
jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
...
I am using JDK 6 update 26.
Has CRL support been recently removed for SunX509 algorithm? Anybody on the
dev list would know why this might have been introduced in 7.0.11?
I have seen that some code was committed in the JSSESocketFactory class in
7.0.11, but I can't see the correlation between this change and the
exception that started to be thrown in 7.0.11.
Martin
