0

I know there are two different ways, CRLs and OCSP - I am researching where exactly in Java's SSL source code (OpenJDK) these checks are performed.

As far as I can ascertain these checks are performed somewhere within the X509TrustManager#checkClientTrusted(...) and most likely passed around with a PKIXBuilderParameters object.

Can anybody locate the exact area where SSL initiates the checks on a certificate/chain that runs through the CRL data / OCSP?

An example from other security libraries would also work (such as Spring or Apache Commons).

Spartan9209
  • What's the reason for your search? - maybe other libraries are interesting too for you. – Rhayene May 10 '16 at 15:30
  • Primarily as research to use for developing something similar - viewing an industry standard implementation would be very helpful. – Spartan9209 May 10 '16 at 15:58
  • Bouncy Castle may be an interesting library - an example for an [OCSP request](http://helpcoder.blogspot.de/2009/04/ocsp-and-java.html) – Rhayene May 10 '16 at 16:09

1 Answer

1

Apache uses the library Bouncy Castle for their OCSP and CRL Verifiers. You can find these classes in their svn repository.

You find the OCSP handling in their OCSPVerifier and the CRL handling in their CRLVerifier.

Rhayene
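
The wiring the question asks about, shown through the public JSSE/CertPath API only, as an added example that is not part of the original thread or of the JDK's source: a `PKIXBuilderParameters` carrying a `PKIXRevocationChecker` is handed to the "PKIX" `TrustManagerFactory`, so the resulting `X509TrustManager` performs OCSP/CRL checks while validating the chain. The class name `RevocationCheckingContext` and the use of the JRE's default CA set as trust anchors are assumptions.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class RevocationCheckingContext {

    // Builds an SSLContext whose trust manager runs PKIX path validation
    // with revocation checking enabled.
    public static SSLContext build() throws Exception {
        // Trust anchors: the JRE's default CA set (assumption for this example).
        TrustManagerFactory defaults =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        defaults.init((KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(ca, null));
                }
            }
        }

        PKIXBuilderParameters params =
            new PKIXBuilderParameters(anchors, new X509CertSelector());
        params.setRevocationEnabled(true);

        // Revocation checker supplied by the PKIX provider.
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        PKIXRevocationChecker checker =
            (PKIXRevocationChecker) builder.getRevocationChecker();
        // No options: OCSP preferred, CRLs as fallback, whole chain checked,
        // and validation fails when status cannot be determined (no SOFT_FAIL).
        checker.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));
        params.addCertPathChecker(checker);

        // The PKIX trust manager consumes these parameters on every handshake.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Lets the CRL fallback fetch from CRL Distribution Points.
        System.setProperty("com.sun.security.enableCRLDP", "true");
        System.out.println("Protocol: " + build().getProtocol());
    }
}
```

Adding `PKIXRevocationChecker.Option.SOFT_FAIL` to the option set makes validation tolerate an unreachable responder, which trades revocation assurance for availability.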