JDK 8 Review Request for 8030813 : Signed applet fails to load when CRLs are stored in an LDAP directory

Vincent Ryan vincent.x.ryan at oracle.com
Mon Dec 23 18:01:23 UTC 2013


You fix looks good.
Thanks.


On 23/12/2013 14:05, Sean Mullan wrote:
> Please review the following change which causes signed applets to fail
> if CRLs are stored in an LDAP directory. This occurs when any of the
> certificates in the applet's certificate chain contain a CRL
> Distribution Point extension with an LDAP URL.
>
> The fix introduces a new internal system property that, when set to
> true, skips the JNDI InitialContext application resource file lookup,
> which was triggering a recursive verification of the signed JAR.
>
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8030813/webrev.00/
>
> Thanks,
> Sean




More information about the security-dev mailing list