[8] Request for Review: 8007967: Infinite loop can happen in sun.security.provider.certpath.SunCertPathBuilder.depthFirstSearchForward()

Sean Mullan sean.mullan at oracle.com
Wed Dec 4 21:18:25 UTC 2013


Just 2 comments on DistributionPointFetcher:

You can eliminate some duplication of code by changing the existing 
getCRLs method to just call the new method with a null prevCert parameter.

On lines 659-663, you don't need to add @code tags, that is only for 
javadoc comments.

--Sean

On 12/03/2013 01:51 PM, Jason Uh wrote:
> Could I please get a review for this change? This change fixes some
> issues in CertPath building and CRL verification. The main components of
> this fix are:
>
> 1. Proper setting of TrustAnchors when verifying indirect CRLs obtained
> from CRL Distribution Points. I added an overloaded getCRLs() method to
> DistributionPointFetcher for this.
>
> 2. Terminating the CertPath build immediately when the target cert is
> found to be revoked.
>
> 3. Some clarification in the comments.
>
> Webrev: http://cr.openjdk.java.net/~juh/8007967/webrev.00/
> Bug: https://bugs.openjdk.java.net/browse/JDK-8007967
>
> Thanks,
> Jason




More information about the security-dev mailing list