CORDA-1319 Adding CRL checking for nodes (#2987)

* Adding CRL support for nodes * Addressing review comments
2025-06-17 22:58:19 +00:00 · 2018-04-30 09:26:26 +01:00
parent c3e6b39e59
commit ab80df342a
28 changed files with 609 additions and 57 deletions
--- a/docs/source/corda-configuration-file.rst
+++ b/docs/source/corda-configuration-file.rst
@ -67,6 +67,11 @@ absolute path to the node's base directory.

    .. note:: Longer term these keys will be managed in secure hardware devices.

+:crlCheckSoftFail: This is a boolean flag that when enabled (i.e. `true` value is set) the certificate revocation list (CRL) checking will use the soft fail mode.
+                  The soft fail mode allows the revocation check to succeed if the revocation status cannot be determined because of a network error.
+                  If this parameter is set to `false` the rigorous CRL checking takes place, meaning that each certificate in the
+                  certificate path being checked needs to have the CRL distribution point extension set and pointing to a URL serving a valid CRL.
+
 :database: Database configuration:

        :serverNameTablePrefix: Prefix string to apply to all the database tables. The default is no prefix.
--- a/docs/source/example-code/src/main/resources/example-node.conf
+++ b/docs/source/example-code/src/main/resources/example-node.conf
@ -1,6 +1,7 @@
 myLegalName : "O=Bank A,L=London,C=GB"
 keyStorePassword : "cordacadevpass"
 trustStorePassword : "trustpass"
+crlCheckSoftFail: true
 dataSourceProperties : {
    dataSourceClassName : org.h2.jdbcx.JdbcDataSource
    dataSource.url : "jdbc:h2:file:"${baseDirectory}"/persistence"