Bug 53940 - Added support for new CRL loading after expiration
Summary: Added support for new CRL loading after expiration
Status: NEW
Alias: None
Product: Tomcat Native
Classification: Unclassified
Component: Library
Version: 1.1.24
Hardware: PC All
Importance: P2 enhancement with 1 vote
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2012-09-27 14:54 UTC by Aristotelis
Modified: 2018-03-19 13:52 UTC

Attachments
CRL reloading support. (6.09 KB, patch)
2012-09-27 14:54 UTC, Aristotelis

Description Aristotelis 2012-09-27 14:54:00 UTC
Created attachment 29426
CRL reloading support.

Apache Tomcat with tcnative loads the CRL list when it starts up, and ignores any following updates. The use of OCSP can help this issue to be amortized. However, the issue comes back again when the CRL expires, and Apache Tomcat refuses to complete any more requests because of the expired CRL.

With this patch, it is possible to reload the new CRL when the previous one expires. For more information about the patch please have a look at: http://code.uoa.gr/p/tomcat-ocsp/reload.php

It would be nice to include it in the main Tomcat tree, since together with the OCSP support, it is possible to have fast and stable cert verification to be used with client authentication.
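An added check for the failure mode the report describes (this is example code, not part of the attached patch or of tcnative): it reads thisUpdate and nextUpdate out of a DER-encoded CRL with a small stdlib-only DER walker and reports whether the CRL has expired, which is the point at which a CRL loaded once at startup makes Tomcat reject every client certificate. The sample CRL is constructed inside the block and carries a dummy signature; the names `utc`, `crl_validity`, `crl_expired` and `sample_crl` are my own.

```python
import datetime as dt
# Assumption (not from the bug report): the CRL is available as raw DER bytes and
# only thisUpdate / nextUpdate matter here, so a minimal DER walker is sufficient.

def utc(y, m, d, h=0):
    return dt.datetime(y, m, d, h, tzinfo=dt.timezone.utc)
def _tlv(tag, body):
    """Encode one DER TLV (short or long length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body
def _read_tlv(buf, pos):
    """Decode the TLV at buf[pos]; return (tag, value, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                   # long length form
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln
def _time(tag, val):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18), 'Z' terminated."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return dt.datetime.strptime(val.decode("ascii"), fmt).replace(tzinfo=dt.timezone.utc)

def crl_validity(der):
    """Return (thisUpdate, nextUpdate) of a DER CertificateList (RFC 5280 s5.1)."""
    _, cert_list, _ = _read_tlv(der, 0)             # outer SEQUENCE
    _, tbs, _ = _read_tlv(cert_list, 0)             # tbsCertList SEQUENCE
    tag, _, pos = _read_tlv(tbs, 0)                 # version (optional INTEGER) or signature
    if tag == 0x02:
        tag, _, pos = _read_tlv(tbs, pos)           # signature AlgorithmIdentifier
    _, _, pos = _read_tlv(tbs, pos)                 # issuer Name
    tag, val, pos = _read_tlv(tbs, pos)             # thisUpdate
    this_update, next_update = _time(tag, val), None
    if pos < len(tbs):
        tag, val, _ = _read_tlv(tbs, pos)
        if tag in (0x17, 0x18):                     # nextUpdate is OPTIONAL
            next_update = _time(tag, val)
    return this_update, next_update

def crl_expired(der, now):
    """True once nextUpdate has passed; an unreloaded CRL then fails every client cert check."""
    _, next_update = crl_validity(der)
    return next_update is not None and now > next_update
def sample_crl(this_update, next_update):
    """Constructed v2 CRL with no revoked entries; the signature bits are a dummy."""
    ut = lambda d: _tlv(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d01010b")))  # sha256WithRSAEncryption
    cn = _tlv(0x30, _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0c, b"Test CA"))  # CN=Test CA
    tbs = _tlv(0x02, b"\x01") + alg + _tlv(0x30, _tlv(0x31, cn)) + ut(this_update) + ut(next_update) + _tlv(0x30, b"")
    return _tlv(0x30, _tlv(0x30, tbs) + alg + _tlv(0x03, b"\x00" * 5))
```

Run against the CRL file tcnative was started with, the check tells an operator that the CRL has lapsed before the first rejected handshake does.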