Issue 1990: Use optional CRL with CLIENT_SSL_CERT_LDAP
Status:  Released
Owner:  ----
Closed:  Aug 2013
Reported by mrchul...@gmail.com, Jul 3, 2013
Gerrit with CLIENT_SSL_CERT_LDAP authentication uses no CRL (certificate revocation list).

Fixing gerrit-pgm/com.google.gerrit.pgm.http.jetty.JettyServer will allow an optional CRL to be used.

Current code:
        if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType)) {
          ssl.setNeedClientAuth(true);
        }

New code:
        if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType)) {
          ssl.setNeedClientAuth(true);
          // Use optional crl
          //
          final File crl = getFile(cfg, "sslcrl", "etc/crl.pem");
          if (crl.exists()) {
            ssl.setCrlPath(crl.getAbsolutePath());
            ssl.setValidatePeerCerts(true);
          }
        }
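
Added example (not part of the original report and not Gerrit code): the script below shows what the missing CRL check means for client-certificate authentication, by validating the same revoked certificate once against the CA chain only and once with a CRL. It assumes the openssl CLI is installed; the CA, the client name "alice" and all file names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: a throwaway CA, client certificate and CRL, all constructed in
# a temp dir with the openssl CLI. "Demo CA" and "alice" are made-up names.

# verdict <openssl verify args>: prints accepted, revoked or error
verdict() {
  local out rc
  out=$(openssl verify "$@" 2>&1) && rc=0 || rc=$?
  case $out in *"certificate revoked"*) echo revoked; return 0 ;; esac
  if [ "$rc" -eq 0 ]; then echo accepted; else echo error; fi
}

# Builds CA -> client cert -> revocation -> CRL (the kind of file etc/crl.pem
# would hold), then validates the revoked certificate without and with the CRL.
crl_demo() {
  local d rc
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    : > index.txt   # empty CA database used by "openssl ca"
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
      '[dn]' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
      '[ca]' 'default_ca = demo' '[demo]' 'database = index.txt' \
      'default_md = sha256' > ca.cnf
    {
      openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf \
        -subj "/CN=Demo CA" -days 30 -keyout ca.key -out ca.pem &&
      openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
        -subj "/CN=alice" -keyout alice.key -out alice.csr &&
      openssl x509 -req -in alice.csr -CA ca.pem -CAkey ca.key \
        -set_serial 2 -days 30 -out alice.pem &&
      openssl ca -config ca.cnf -keyfile ca.key -cert ca.pem -revoke alice.pem &&
      openssl ca -config ca.cnf -keyfile ca.key -cert ca.pem \
        -gencrl -crldays 7 -out crl.pem
    } >/dev/null 2>&1 || exit 1
    echo "chain only: $(verdict -CAfile ca.pem alice.pem)"
    echo "chain and CRL: $(verdict -CAfile ca.pem -CRLfile crl.pem -crl_check alice.pem)"
  ) && rc=0 || rc=$?
  rm -rf "$d"
  return "$rc"
}
```

Source the snippet and call `crl_demo`; the first line of output is the behaviour without a CRL, the second the behaviour once a CRL is consulted.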

Jul 3, 2013
#1 dborowitz@google.com
Thanks for the suggested fix. Please submit this patch via gerrit-review.googlesource.com following these instructions:
https://gerrit-review.googlesource.com/Documentation/dev-contributing.html
Aug 18, 2013
#3 sop@google.com
(No comment was entered for this change.)
Status: Submitted
Labels: FixedIn-2.8
Dec 9, 2013
Project Member #4 david.pu...@sonymobile.com
(No comment was entered for this change.)
Status: Released