Results 1 to 2 of 2

Thread: Check X509 certificate revocation status in Spring-Security before authenticating

  1. Dec 14th, 2011, 09:11 AM #1
    dyip
    dyip is offline Junior Member
    Join Date
    Dec 2011
    Posts
    1

    Default Check X509 certificate revocation status in Spring-Security before authenticating

    Is it possible to check the revocation status of a x509 client certificate through the CRL in spring-security before authenticating it? I've checked documentations (http://static.springsource.org/sprin...ence/x509.html) but it doesn't mention anything about CRL.

    Implementing UserService only gives you the username and not the X509Certificate. Any help would be appreciated!

    Thanks!
    Reply With Quote Reply With Quote
  2. Dec 14th, 2011, 02:58 PM #2
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    No, there's no functionality for checking CRLs. The SSL handshake is performed by the servlet container, so that is most likely where any CRL checking ought to occur. Spring Security's X.509 authentication assumes that the certificate is valid from an SSL perspective and only attempts to translate the data into a valid user identity in the local system.
    Spring - by Pivotal
    twitter @tekul
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules