complete certificate path validation

David Pomeroy dfpomeroy at
Tue Jul 12 14:07:36 PDT 2011

Hi Florian,

I'd prefer not to override the Sun provider since I am utilizing the CRL
distribution point checking.  This may be my only option though.

Thanks, Dave

On Tue, Jul 12, 2011 at 12:20 AM, Florian Weimer <fweimer at> wrote:

> * David Pomeroy:
> > It looks like the Sun JSSE provider does not support this
> > configuration.
> If you supply your own X509TrustManager implementation, I'm pretty sure
> you can get it to work.  It definitely works if the client supplies a
> self-signed certificate, and I see no reason why it wouldn't if it's not
> self-signed.
> --
> Florian Weimer                <fweimer at>
> BFK edv-consulting GmbH
> Kriegsstraße 100              tel: +49-721-96201-1
> D-76133 Karlsruhe             fax: +49-721-96201-99
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the security-dev mailing list