Menu
▾
▴
Re: [Quickfixj-users] Certificate Revocation List Verification
|
From: Aaron B. <aar...@gm...> - 2019-11-12 00:01:09
|
I've been working through the implications of different trust manager implementations and have run into an important question. Is there a way to replace the trust manager in any of the packaged acceptors? I'm currently using the threaded socket acceptor, but the SSL bits all seem to be buried in the abstract socket acceptor. Furthermore, it seems like the initialization of the trust manager is buried inside of the ssl context factory, and there's no option to specify different behavior. I'd love to better understand the options before diving into a rabbit hole that may not be necessary. If the right answer is submitting a pull request that makes this easier, I am happy to explore that as well. On Mon, Oct 21, 2019 at 7:28 AM Christoph John <chr...@ma...> wrote: > BTW, we are happy about every code contribution that might help other > users. :) > > Cheers, > Chris. > > > On 19.10.19 15:50, Aaron Bedra wrote: > > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > QuickFIX/J Support: http://www.quickfixj.org/support/ > > > Ah, got it. I didn't think about just replacing the trust manager. Thank > you! > > On Fri, 2019-10-18 at 14:11 -0400, Philip Whitehouse wrote: > > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > > QuickFIX/J Support: http://www.quickfixj.org/support/ > > You probably need a custom TrustManager implementation. See > https://stackoverflow.com/a/38523104/1052931 for a potential > implementation - not sure how secure it is. > > Best, > > Philip Whitehouse > > On 18 Oct 2019, at 13:24, Aaron Bedra <aar...@gm...> > <aar...@gm...> wrote: > > QuickFIX/J Documentation: http://www.quickfixj.org/documentation/ > QuickFIX/J Support: http://www.quickfixj.org/support/ > > > I'm looking to add a CRL to the client certificate validation on my > quickfixj engine. It appears that the C++ engine supports this via > the CertificateRevocationListFile option and uses OpenSSL to verify it. I > have been digging through the quickfixj code and have not found anything > equivalent. Is this feature not available or did I miss it? > _______________________________________________ > Quickfixj-users mailing list > Qui...@li... > https://lists.sourceforge.net/lists/listinfo/quickfixj-users > > _______________________________________________ > > Quickfixj-users mailing list > > Qui...@li... > > https://lists.sourceforge.net/lists/listinfo/quickfixj-users > > > > _______________________________________________ > Quickfixj-users mailing lis...@li...://lists.sourceforge.net/lists/listinfo/quickfixj-users > > > -- > Christoph John > Software Engineering > T +49 241 557...@ma... > > MACD GmbH > Oppenhoffallee 103 > 52066 Aachen, Germanywww.macd.com > > Amtsgericht Aachen: HRB 8151 > Ust.-Id: DE 813021663 > Geschäftsführer: George Macdonald > > |
