https://issues.apache.org/bugzilla/show_bug.cgi?id=53940
Priority: P2
Bug ID: 53940
Assignee: dev@tomcat.apache.org
Summary: Added support for new CRL loading after expiration
Severity: enhancement
Classification: Unclassified
OS: All
Reporter: ar...@noc.edunet.gr
Hardware: PC
Status: NEW
Version: 1.1.24
Component: Library
Product: Tomcat Native
Created attachment 29426
--> https://issues.apache.org/bugzilla/attachment.cgi?id=29426&action=edit
CRL reloading support.
Apache Tomcat with tcnative loads the CRL list when it starts up, and ignores
any following updates. The use of OCSP can help this issue to be amortized.
However, the issue comes back again when the CRL expires, and Apache Tomcat
refuses to complete any more requests because of the expired CRL.
With this patch, it is possible to reload the new CRL when the previous one
expires. For more information about the patch please have a look at:
http://code.uoa.gr/p/tomcat-ocsp/reload.php
It would be nice to include it in tha main Tomcat Tree, since together with the
OCSP support, it is possible to have fast and stable cert verification to be
used with client authentication.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
