PKIXRevocationChecker.Options not configurable through ssl-config #79
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
I am using akka-http defaultClientHttpsContext for the client https connections. I configured RevocationChecker to use CRL, and I wan't to configure additional options PKIXRevocationChecker.Option.SOFT_FAIL to ignore any network failures while downloading the CRL (https://docs.oracle.com/javase/8/docs/technotes/guides/security/certpath/CertPathProgGuide.html#PKIXRevocationChecker). But this configuration is not exposed in ssl-config.
I want to continue with SSL handshake upon CRL validation failure due to n/w issues.
Aborting encrypted connection to 52.14.138.136:443 due to [SSLHandshakeException:General SSLEngine problem] -> [SSLHandshakeException:General SSLEngine problem] -> [ValidatorException:PKIX path validation failed: java.security.cert.CertPathValidatorException: Unable to determine revocation status due to network error] -> [CertPathValidatorException:Unable to determine revocation status due to network error] -> [CertStoreTypeException:java.net.SocketTimeoutException: connect timed out] -> [SocketTimeoutException:connect timed out]The text was updated successfully, but these errors were encountered: