7168191: Signature validation can fail under certain circumstances

Vincent Ryan vincent.x.ryan at oracle.com
Tue Jun 19 19:52:12 UTC 2012


Hello,

Please review the following changeset for JDK 7u6:
    http://cr.openjdk.java.net/~vinnie/7168191/webrev.01

The bug report is at:
    http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7168191

This fix addresses a bug in the OCSP client when processing key-rollover
certs. Typically such certs have the same subject name but different
keys. Now the OCSP code examines all the matching candidates (not just
the first one) both when preparing the request and when validating the
response.

Thanks.
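
The candidate-selection behaviour described in this message, as an added Java example (Java 16+) that is not code from the changeset or from the JDK. It models only the response-validation side; the `Candidate` record, the subject name and the response bytes are constructed stand-ins for real certificates and a real OCSP response.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.List;

public class KeyRolloverDemo {
    // Hypothetical stand-in for a certificate: subject name plus public key.
    record Candidate(String subject, PublicKey key) {}

    static boolean verifies(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    // Stops at the first candidate whose name matches, whichever key it holds.
    static boolean firstMatchOnly(List<Candidate> certs, String subject, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        for (Candidate c : certs) {
            if (c.subject().equals(subject)) return verifies(c.key(), data, sig);
        }
        return false;
    }

    // Tries every candidate whose name matches until one key verifies.
    static boolean allMatches(List<Candidate> certs, String subject, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        for (Candidate c : certs) {
            if (c.subject().equals(subject) && verifies(c.key(), data, sig)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair oldKey = kpg.generateKeyPair();
        KeyPair newKey = kpg.generateKeyPair();
        String subject = "CN=Example Responder"; // constructed name shared by both certs
        List<Candidate> certs = List.of(new Candidate(subject, oldKey.getPublic()),
                                        new Candidate(subject, newKey.getPublic()));
        byte[] response = "constructed response bytes".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(newKey.getPrivate()); // signed with the rolled-over key
        signer.update(response);
        byte[] sig = signer.sign();
        System.out.println("first match only: " + firstMatchOnly(certs, subject, response, sig));
        System.out.println("all matches:      " + allMatches(certs, subject, response, sig));
    }
}
```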


