There is a pretty significant part of the code which handles CRL parsing and download from EET certificates used to sign responses. I'd like to replace this part with several standard properties, which should force JRE to do the same procedure:
System.setProperty("com.sun.security.enableCRLDP", "true");
System.setProperty("com.sun.net.ssl.checkRevocation", "true");
Security.setProperty("com.sun.security.onlyCheckRevocationOfEECert", "true"); // verify only revocation of the last cert in path (the EET cert)
Could there be a problem with those properties? They will have impact on the whole JVM running this client. May it lead to problems?
Should be the revocation check configurable?
How about OCSP? It can be enabled only for the production endpoint, which is signed by a certificate providing OCSP address. For playground it doesn't work and there is no default fallback in java back to CRL.
Any other ideas, recommendations or code snippets?
There is a pretty significant part of the code which handles CRL parsing and download from EET certificates used to sign responses. I'd like to replace this part with several standard properties, which should force JRE to do the same procedure:
Any other ideas, recommendations or code snippets?
Thanks!