[8] code review request: 8019259: Failover to CRL checking does not happen if wrong OCSP responder URL is set

Xuelei Fan xuelei.fan at oracle.com
Fri Jun 28 17:53:35 PDT 2013


Looks fine to me.

Hmm, it is a case to learn that RuntimeException should be token care of
sometimes.

Thanks,
Xuelei

On 6/29/2013 2:41 AM, Vincent Ryan wrote:
> Hello,
> 
> Please review the following JDK 8 fix:
> 
> Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8019259
> Webrev:  http://cr.openjdk.java.net/~vinnie/8019259/webrev.00/
> 
> It corrects a problem during X.509 certificate revocation checking where failover to using CRLs is not
> performed in the case when a malformed URL has been supplied as the URL of the OCSP responder.
> The fix ensures all exceptions during OCSP are caught and wrapped so that the failover mechanism
> does not get skipped.
> 
> Thanks.
> 



More information about the security-dev mailing list