complete certificate path validation

David Pomeroy dfpomeroy at gmail.com
Tue Jul 12 14:07:36 PDT 2011


Hi Florian,

I'd prefer not to override the Sun provider since I am utilizing the CRL
distribution point checking.  This may be my only option though.

Thanks, Dave


On Tue, Jul 12, 2011 at 12:20 AM, Florian Weimer <fweimer at bfk.de> wrote:

> * David Pomeroy:
>
> > It looks like the Sun JSSE provider does not support this
> > configuration.
>
> If you supply your own X509TrustManager implementation, I'm pretty sure
> you can get it to work.  It definitely works if the client supplies a
> self-signed certificate, and I see no reason why it wouldn't if it's not
> self-signed.
>
> --
> Florian Weimer                <fweimer at bfk.de>
> BFK edv-consulting GmbH       http://www.bfk.de/
> Kriegsstraße 100              tel: +49-721-96201-1
> D-76133 Karlsruhe             fax: +49-721-96201-99
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/security-dev/attachments/20110712/31de1e7b/attachment.html 


More information about the security-dev mailing list