[8] Request for Review: 8007967: Infinite loop can happen in sun.security.provider.certpath.SunCertPathBuilder.depthFirstSearchForward()

Jason Uh jason.uh at oracle.com
Tue Dec 3 18:51:55 UTC 2013


Could I please get a review for this change? This change fixes some 
issues in CertPath building and CRL verification. The main components of 
this fix are:

1. Proper setting of TrustAnchors when verifying indirect CRLs obtained 
from CRL Distribution Points. I added an overloaded getCRLs() method to 
DistributionPointFetcher for this.

2. Terminating the CertPath build immediately when the target cert is 
found to be revoked.

3. Some clarification in the comments.

Webrev: http://cr.openjdk.java.net/~juh/8007967/webrev.00/
Bug: https://bugs.openjdk.java.net/browse/JDK-8007967

Thanks,
Jason



More information about the security-dev mailing list