JDK 8 Review Request for 8030813 : Signed applet fails to load when CRLs are stored in an LDAP directory

Sean Mullan sean.mullan at oracle.com
Mon Dec 23 06:05:40 PST 2013


Please review the following change which causes signed applets to fail 
if CRLs are stored in an LDAP directory. This occurs when any of the 
certificates in the applet's certificate chain contain a CRL 
Distribution Point extension with an LDAP URL.

The fix introduces a new internal system property that, when set to 
true, skips the JNDI InitialContext application resource file lookup, 
which was triggering a recursive verification of the signed JAR.

webrev: http://cr.openjdk.java.net/~mullan/webrevs/8030813/webrev.00/

Thanks,
Sean


More information about the security-dev mailing list