Issue 1990: Use optional CRL with CLIENT_SSL_CERT_LDAP
Gerrit with CLIENT_SSL_CERT_LDAP authentication uses no CRL (certificate revocation list).
Fixing gerrit-pgm/com.google.gerrit.pgm.http.jetty.JettyServer will allow the use of an optional CRL.
Current code:

    if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType)) {
      ssl.setNeedClientAuth(true);
    }

New code:

    if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType)) {
      ssl.setNeedClientAuth(true);
      // Use optional crl
      //
      final File crl = getFile(cfg, "sslcrl", "etc/crl.pem");
      if (crl.exists()) {
        ssl.setCrlPath(crl.getAbsolutePath());
        ssl.setValidatePeerCerts(true);
      }
    }
Jul 3, 2013
#1
dborowitz@google.com
Jul 4, 2013
Please review: https://gerrit-review.googlesource.com/#/c/47490/
Aug 18, 2013
(No comment was entered for this change.)
Status:
Submitted
Labels: FixedIn-2.8
Dec 9, 2013
(No comment was entered for this change.)
Status:
Released