code review request, CR 7166570: JSSE certificate validation has started to fail for certificate chains
bradford.wetmore at oracle.com
Tue May 8 11:48:59 PDT 2012
I walked through the code in the debugger, it looks good.
Just a comment for the regression test, it might have been easier and
likely faster performance-wise to simply create Simple and PKIX
trustmanagers, and then directly call checkClientTrusted and passing a
predefined chain, rather than incurring the overhead of SSL, much of
what we cover in many other tests.
On 5/5/2012 8:06 AM, Xuelei Fan wrote:
> The webrev URL should be:
> On 5/5/2012 9:38 PM, Xuelei Fan wrote:
>> Please review the fix for JSSE certification path validation issue.
>> webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev/
>> Cause of the issue: in SimpleValiadtor, the count pathLenConstraint was
>> not calculated properly, the non-intermediate certificate (end-entity
>> certificate) was count in.
More information about the security-dev