hg: jdk6/jdk6/jdk: 2 new changesets
Sean Mullan
Sean.Mullan at Sun.COM
Fri Jan 15 07:40:55 PST 2010
Andrew John Hughes wrote:
> 2010/1/13 <sean.mullan at sun.com>:
>> Changeset: c33ca6c539bf
>> Author: mullan
>> Date: 2010-01-13 09:29 -0500
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/c33ca6c539bf
>>
>> 6744888: OCSP validation code should permit some clock skew when checking validity
>> 6745437: Add option to only check revocation of end-entity certificate in a chain
>> 6869739: Cannot check revocation of single certificate without validating the entire chain
>> 6885667: CertPath/CertPathValidatorTest/bugs/bug6383078 fails on jdk6u18/b02, jdk7/pit/b73 and passes on b72.
>> 6894461: OCSP Checker should not wrap all Exception as "Unable to send OCSP request."(introduced by #6885667)
>> Reviewed-by: dgu, vinnie, xuelei
>>
>> + src/share/classes/sun/security/action/GetBooleanSecurityPropertyAction.java
>> ! src/share/classes/sun/security/provider/certpath/Builder.java
>> ! src/share/classes/sun/security/provider/certpath/CertId.java
>> ! src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java
>> ! src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
>> ! src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
>> + src/share/classes/sun/security/provider/certpath/OCSP.java
>> ! src/share/classes/sun/security/provider/certpath/OCSPChecker.java
>> ! src/share/classes/sun/security/provider/certpath/OCSPRequest.java
>> ! src/share/classes/sun/security/provider/certpath/OCSPResponse.java
>> ! src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
>> ! src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
>> ! src/share/classes/sun/security/x509/AccessDescription.java
>>
>> Changeset: 22cf4479d879
>> Author: mullan
>> Date: 2010-01-13 09:31 -0500
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/22cf4479d879
>>
>> Merge
>>
>>
>>
>
> I didn't see this discussed on the jdk6 list. What is it for? We're
> currently trying to test b18 for release and importing more random
> changesets really doesn't help!
There was a request to support multiple OCSP SingleResponses in OpenJDK 6 on the
security-dev alias :
http://mail.openjdk.java.net/pipermail/security-dev/2010-January/001486.html
This required a backport of several related CRs already fixed in OpenJDK 7 that
addressed this issue.
Let me know if this is still an issue and I will back it out for a later build.
Also, I will discuss these and other changes on the jdk6 list before putting
changes back in the future.
--Sean
More information about the jdk6-dev
mailing list