
Bug 316382

Summary: support a more strict SSL option with certificates
Product: [RT] Jetty
Reporter: Joakim Erdfelt <joakim.erdfelt>
Component: other
Assignee: Michael Gorovoy <mgorovoy>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: P3
CC: jesse.mcconnell, jetty-inbox, mgorovoy
Version: 7.1.0   
Target Milestone: 7.3.x   
Hardware: All   
OS: All   
Whiteboard:

Description Joakim Erdfelt CLA 2010-06-09 17:08:12 EDT
The Jetty Client should have an option for Strict SSL verification.

One example would be to check the Server SSL certificate and ensure that it is valid and not revoked.

A good test for this would be to hit a known revoked certificate such as https://www.banksouth.net/
Comment 1 Jesse McConnell CLA 2011-01-12 18:25:04 EST
Along the same lines, an option to force validation of the certificates being used for a given SSL connector wouldn't be a terrible idea either...

i.e., you are unable to start the server if the certificate chain of the cert you're starting with doesn't check out
Comment 2 Joakim Erdfelt CLA 2011-01-12 18:49:34 EST
The old example of a revoked certificate is no longer valid.
Need to find (or better yet mock up in a unit test) a revoked SSL certificate.
Comment 3 Jesse McConnell CLA 2011-02-08 17:56:14 EST
Making this a touch broader in scope to include the server-side changes as well.
Comment 4 Michael Gorovoy CLA 2011-03-14 13:59:53 EDT
Committed r2748, r2795, r2799, r2801, r2832
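
The start-up check proposed in Comment 1, combined with the revocation check from the description, can be sketched with the JDK's PKIX validator. This is an added example, not code from the commits above or from Jetty; the class name `StrictChainCheck`, its methods and the command-line arguments are hypothetical, and the two revocation properties are assumptions specific to the Oracle/OpenJDK provider.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.util.ArrayList;
import java.util.List;

// Added example, not Jetty code: refuse to continue unless the chain stored
// under a keystore alias validates against the trust store and is not revoked.
public class StrictChainCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Throws CertPathValidatorException when the chain is untrusted, expired or revoked.
    static void validate(KeyStore keyStore, String alias, KeyStore trustStore) throws Exception {
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null || chain.length == 0)
            throw new IllegalStateException("no certificate chain under alias " + alias);
        // A PKIX path runs from the end entity up to, but not including, the trust anchor.
        List<Certificate> path = new ArrayList<>();
        for (Certificate cert : chain) {
            if (trustStore.getCertificateAlias(cert) != null) break;
            path.add(cert);
        }
        if (path.isEmpty())
            throw new IllegalStateException("end-entity certificate is itself a trust anchor");
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(true); // reject revoked certificates, not only bad signatures
        // Oracle/OpenJDK provider switches (set before the first validation):
        // fetch CRLs from the certificates' distribution points and query OCSP.
        System.setProperty("com.sun.security.enableCRLDP", "true");
        Security.setProperty("ocsp.enable", "true");
        CertPathValidator.getInstance("PKIX")
                .validate(CertificateFactory.getInstance("X.509").generateCertPath(path), params);
    }

    // Usage: java StrictChainCheck <keystore> <password> <alias> <truststore> <trustpassword>
    public static void main(String[] args) throws Exception {
        validate(load(args[0], args[1].toCharArray()), args[2], load(args[3], args[4].toCharArray()));
        System.out.println("certificate chain for '" + args[2] + "' validated");
    }
}
```

With revocation enabled, a chain whose revocation status cannot be determined (no reachable CRL or OCSP responder) also fails validation, so a server gated on this check will not start offline unless CRLs are supplied locally.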