code review request, CR 7166570: JSSE certificate validation has started to fail for certificate chains
Brad Wetmore
bradford.wetmore at oracle.com
Tue May 8 18:48:59 UTC 2012
Hi Xuelei,
I walked through the code in the debugger, it looks good.
Just a comment for the regression test, it might have been easier and
likely faster performance-wise to simply create Simple and PKIX
trustmanagers, and then directly call checkClientTrusted and passing a
predefined chain, rather than incurring the overhead of SSL, much of
what we cover in many other tests.
Brad
On 5/5/2012 8:06 AM, Xuelei Fan wrote:
> The webrev URL should be:
> http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev.00/
>
> Xuelei
>
> On 5/5/2012 9:38 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review the fix for JSSE certification path validation issue.
>>
>> webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7166570/webrev/
>>
>> Cause of the issue: in SimpleValiadtor, the count pathLenConstraint was
>> not calculated properly, the non-intermediate certificate (end-entity
>> certificate) was count in.
>>
>> Thanks,
>> Xuelei
>
More information about the security-dev
mailing list