Code review request: 7197652: Impossible to run any signed JNLP applications or applets, OCSP off by default

Vincent Ryan vincent.x.ryan at oracle.com
Tue Oct 16 12:55:52 UTC 2012


We used to have automated tests that accessed live OCSP responders but results were often unreliable
because of intermittent network and proxy issues. I am developing an automated test that uses a cached
OCSP response which will be more robust. 

On 16 Oct 2012, at 11:52, Xerxes Rånby wrote:

> 2012-10-01 04:30, Vincent Ryan wrote:
>> Please review these changes for JDK 7 to correct the trust decision when examining the signer certificate of an OCSP response. When matching two certificates the key identifiers should only be checked if present in both.
>> 
>> http://cr.openjdk.java.net/~vinnie/7197652/webrev.00/
>> 
>> Thanks.
> 
> Is this code covered by any of the existing JDK 7 jtreg tests?
> If not then please add a new jtreg test to help with testing and verification.
> 
> Cheers
> Xerxes



