Reputation: 505
Will spring RestTemplate checks certificate revocation status
Could you please let me know by default whether the spring RestTemplate do certificate revocation status check? If yes, which one it does CRL or OCSP? or If I do the JVM settings it will take as per the JVM settings.
I am not able to find it from any documentation.
I use spring-boot 1.3.5
Upvotes: 1
Views: 831
Answers (1)
Reputation: 2555
This is not easy to answer cause RestTemplate is using a ClientHttpRequestFactory to create Requests which will then be executed. The default one which is being used is SimpleClientHttpRequestFactory that uses JDK internals and should let you manipulate its behavior by passing in JVM settings. I'm not aware of the details of the JVM but I think you can configure if it should check CRL, OCSP or both as well as some other things.
But if you are using a different one like Netty4ClientHttppRequestFactory, HttpComponentsClientHttpRequestFactory or OkHttp3ClientHttpRequestFactory the behavior might be different cause the implementation behind might be a different one. In these cases I suggest you have a look at the documentation of those projects.
Hope that helps.
Upvotes: 1
Related Questions
- What is this spring.jpa.open-in-view=true property in Spring Boot?
- Spring RestTemplate GET with parameters
- Spring Security 5 : There is no PasswordEncoder mapped for the id "null"
- Is RestTemplate compatible with Spring Boot 3?
- How to fix "SSLHandshakeException" while using Spring RestTemplate with a self-signed certificate
- Spring Boot SSL and keystore certificate installation
- Is there a way to disable redirect and send http status as 302 in spring boot
- Spring RestTemplate Copy property HttpHeader to RequestBody
- Spring-Boot RestClientTest not correctly auto-configuring MockRestServiceServer due to unbound RestTemplate