[8] Request for review: 8005939: sun/security/x509/{X509CRLImpl, X509CertImpl}/Verify.java fail in confusing way when some providers not present

Sean Mullan sean.mullan at oracle.com
Tue Jan 15 18:26:23 UTC 2013


On 01/15/2013 01:25 PM, Jason Uh wrote:
> Thanks, Sean. For clarification, you're recommending SunJCE for
> verifying both the CRL and the Cert?

Yes.

--Sean

>
> On 01/15/2013 07:56 AM, Sean Mullan wrote:
>> Hi Jason,nk
>>
>> This looks good. I also recommending changing this line:
>>
>>    98             verifyCRL(crlIssuerCertPubKey, "SunPCSC");
>>
>> to a provider that is always going to exist in one of the smaller
>> profiles, but also doesn't have a Signature implementation, for example:
>>
>>
>>    98             verifyCRL(crlIssuerCertPubKey, "SunJCE");
>>
>> This would allow the test to pass on the compact1/2 profiles.
>>
>> --Sean
>>
>> On 01/14/2013 09:05 PM, Jason Uh wrote:
>>> (Resending with bug ID in the Subject.)
>>>
>>> This change allows the tests
>>>     sun/security/x509/{X509CRLImpl,X509CertImpl}/Verify.java
>>> to fail with a more meaningful message when a provider is not found.
>>>
>>> Webrev: http://cr.openjdk.java.net/~juh/8005939/webrev.00/
>>> Bug: http://bugs.sun.com/view_bug.do?bug_id=8005939
>>>
>>> Thanks,
>>> Jason
>>




More information about the security-dev mailing list