Bug 316382 - support a more strict SSL option with certificates
Summary: support a more strict SSL option with certificates
Status: RESOLVED FIXED
Alias: None
Product: Jetty
Classification: RT
Component: other
Version: 7.1.0
Hardware: All All
Importance: P3 normal
Target Milestone: 7.3.x
Assignee: Michael Gorovoy
Reported: 2010-06-09 17:08 EDT by Joakim Erdfelt
Modified: 2011-03-14 13:59 EDT

Description Joakim Erdfelt 2010-06-09 17:08:12 EDT
The Jetty Client should have an option for Strict SSL verification.

One example would be to check the Server SSL certificate and ensure that it is valid and not revoked.

A good test for this would be to hit a known revoked certificate such as https://www.banksouth.net/
Comment 1 Jesse McConnell 2011-01-12 18:25:04 EST
Along the same lines, an option to force validation of the certificates being used for a given SSL connector wouldn't be a terrible idea either...

i.e., you are unable to start the server if the certificate chain of the cert you're starting with doesn't check out
Comment 2 Joakim Erdfelt 2011-01-12 18:49:34 EST
The old example of a revoked certificate is no longer valid.
Need to find (or better yet mock up in a unit test) a revoked SSL certificate.
Comment 3 Jesse McConnell 2011-02-08 17:56:14 EST
making this a touch broader scope to include the server side changes as well
Comment 4 Michael Gorovoy 2011-03-14 13:59:53 EDT
Committed r2748, r2795, r2799, r2801, r2832