[8] code review request: 8019259: Failover to CRL checking does not happen if wrong OCSP responder URL is set

Vincent Ryan vincent.x.ryan at oracle.com
Fri Jun 28 11:41:15 PDT 2013


Hello,

Please review the following JDK 8 fix:

Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8019259
Webrev:  http://cr.openjdk.java.net/~vinnie/8019259/webrev.00/

It corrects a problem during X.509 certificate revocation checking where failover to using CRLs is not
performed in the case when a malformed URL has been supplied as the URL of the OCSP responder.
The fix ensures all exceptions during OCSP are caught and wrapped so that the failover mechanism
does not get skipped.

Thanks.



More information about the security-dev mailing list