Code review request: 7197652: Impossible to run any signed JNLP applications or applets, OCSP off by default
Vincent Ryan
vincent.x.ryan at oracle.com
Tue Oct 16 12:55:52 UTC 2012
We used to have automated tests that accessed live OCSP responders but results were often unreliable
because of intermittent network and proxy issues. I am developing an automated test that uses a cached
OCSP response which will be more robust.
On 16 Oct 2012, at 11:52, Xerxes Rånby wrote:
> 2012-10-01 04:30, Vincent Ryan wrote:
>> Please review these changes for JDK 7 to correct the trust decision when examining the signer certificate of an OCSP response. When matching two certificates the key identifiers should only be checked if present in both.
>>
>> http://cr.openjdk.java.net/~vinnie/7197652/webrev.00/
>>
>> Thanks.
>
> Is this code covered by any of the existing JDK 7 jtreg tests?
> If not then please add a new jtreg test to help with testing and verification.
>
> Cheers
> Xerxes
More information about the security-dev
mailing list