complete certificate path validation
David Pomeroy
dfpomeroy at gmail.com
Tue Jul 12 21:07:36 UTC 2011
Hi Florian,
I'd prefer not to override the Sun provider since I am utilizing the CRL
distribution point checking. This may be my only option though.
Thanks, Dave
On Tue, Jul 12, 2011 at 12:20 AM, Florian Weimer <fweimer at bfk.de> wrote:
> * David Pomeroy:
>
> > It looks like the Sun JSSE provider does not support this
> > configuration.
>
> If you supply your own X509TrustManager implementation, I'm pretty sure
> you can get it to work. It definitely works if the client supplies a
> self-signed certificate, and I see no reason why it wouldn't if it's not
> self-signed.
>
> --
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20110712/31de1e7b/attachment.htm>
More information about the security-dev
mailing list