[8] Request for review: 8005939: sun/security/x509/{X509CRLImpl, X509CertImpl}/Verify.java fail in confusing way when some providers not present
Jason Uh
jason.uh at oracle.com
Tue Jan 15 11:41:57 PST 2013
Updated to use SunJCE for verification:
http://cr.openjdk.java.net/~juh/8005939/webrev.01/
On 01/15/2013 10:26 AM, Sean Mullan wrote:
> On 01/15/2013 01:25 PM, Jason Uh wrote:
>> Thanks, Sean. For clarification, you're recommending SunJCE for
>> verifying both the CRL and the Cert?
>
> Yes.
>
> --Sean
>
>>
>> On 01/15/2013 07:56 AM, Sean Mullan wrote:
>>> Hi Jason,nk
>>>
>>> This looks good. I also recommending changing this line:
>>>
>>> 98 verifyCRL(crlIssuerCertPubKey, "SunPCSC");
>>>
>>> to a provider that is always going to exist in one of the smaller
>>> profiles, but also doesn't have a Signature implementation, for example:
>>>
>>>
>>> 98 verifyCRL(crlIssuerCertPubKey, "SunJCE");
>>>
>>> This would allow the test to pass on the compact1/2 profiles.
>>>
>>> --Sean
>>>
>>> On 01/14/2013 09:05 PM, Jason Uh wrote:
>>>> (Resending with bug ID in the Subject.)
>>>>
>>>> This change allows the tests
>>>> sun/security/x509/{X509CRLImpl,X509CertImpl}/Verify.java
>>>> to fail with a more meaningful message when a provider is not found.
>>>>
>>>> Webrev: http://cr.openjdk.java.net/~juh/8005939/webrev.00/
>>>> Bug: http://bugs.sun.com/view_bug.do?bug_id=8005939
>>>>
>>>> Thanks,
>>>> Jason
>>>
>
More information about the security-dev
mailing list