Closed bbockelm closed 11 years ago
I will try it on our test system before we merge it.
Ok -
In terms of testing, the quickest way I found to replicate this is to locate an expired CRL for the CERN CA and start up the container with that. It should toss an error when validating any CERN-issued certificate. Then, pop in a fresh CRL and, without restarting the server, the client should be able to authenticate. The default refresh time is 60s.
@gbehrmann and @kofemann - I just pushed changes based on your suggestions.
Ready to roll?
I don't have further comments.
Cherry-picked into master.
This pull request makes the trustmanager default to the CertificateRevocationLists class (but leaves the ability to specify a CertStore).
Includes a test to make sure things refresh.
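The refresh behaviour discussed in this thread (an expired CRL rejects the certificate; a fresh CRL dropped in is picked up within the refresh interval without a restart), as an added example that is not the pull request's code nor the CertificateRevocationLists class. The `RefreshingCrls` class, the `*.crl` file glob and the two command-line arguments are assumptions made for illustration, and CRL signatures are not verified here; a real trust manager must also call `crl.verify(issuerPublicKey)`.

```java
import java.io.*;
import java.nio.file.*;
import java.security.cert.*;
import java.time.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper (not the project's class): CRLs from a directory, re-read on a timer.
public class RefreshingCrls {
    private final Path dir;
    private final Duration refresh;
    private Map<X500Principal, X509CRL> crls = new HashMap<>();
    private Instant nextLoad = Instant.EPOCH;   // forces a load on first use
    public RefreshingCrls(Path dir, Duration refresh) { this.dir = dir; this.refresh = refresh; }
    // Re-read every *.crl file once the refresh interval has passed; on failure the next call retries.
    private void reloadIfDue(Instant now) throws Exception {
        if (now.isBefore(nextLoad)) return;
        Map<X500Principal, X509CRL> fresh = new HashMap<>();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (DirectoryStream<Path> files = Files.newDirectoryStream(dir, "*.crl")) {
            for (Path f : files) {
                try (InputStream in = Files.newInputStream(f)) {
                    X509CRL crl = (X509CRL) cf.generateCRL(in);
                    fresh.put(crl.getIssuerX500Principal(), crl);
                }
            }
        }
        crls = fresh;                 // swap in the new set only after every file parsed
        nextLoad = now.plus(refresh);
    }
    // Fail closed: a missing or expired CRL rejects the certificate, as does a revocation entry.
    public synchronized void check(X509Certificate cert) throws Exception {
        Instant now = Instant.now();
        reloadIfDue(now);
        X509CRL crl = crls.get(cert.getIssuerX500Principal());
        if (crl == null) throw new CertificateException("no CRL for issuer " + cert.getIssuerX500Principal());
        Date next = crl.getNextUpdate();
        if (next != null && next.toInstant().isBefore(now)) throw new CertificateException("CRL expired at " + next);
        if (crl.isRevoked(cert)) throw new CertificateException("certificate is revoked");
    }
    public static void main(String[] args) throws Exception {   // args: <crl-dir> <cert-file>
        RefreshingCrls store = new RefreshingCrls(Paths.get(args[0]), Duration.ofSeconds(60));
        byte[] pem = Files.readAllBytes(Paths.get(args[1]));
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pem));
        for (;; Thread.sleep(10_000)) {   // poll so a CRL swapped on disk shows up while running
            try { store.check(cert); System.out.println("accepted"); }
            catch (Exception e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

Started against a directory holding an expired CRL it prints `rejected: CRL expired at ...`; after the file is replaced with a current CRL, the output switches to `accepted` within one refresh interval.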