Merge "Use optional CRL with CLIENT_SSL_CERT_LDAP"

2013-08-18 22:19:10 +00:00
parent edc985797b b72ff8fa6e
commit c3ad7f6a56
2 changed files with 25 additions and 0 deletions
--- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
+++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
@@ -193,6 +193,12 @@ public class JettyServer {

        if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType)) {
          ssl.setNeedClientAuth(true);
+
+          File crl = getFile(cfg, "sslcrl", "etc/crl.pem");
+          if (crl.exists()) {
+            ssl.setCrlPath(crl.getAbsolutePath());
+            ssl.setValidatePeerCerts(true);
+          }
        }

        defaultPort = 443;