[8] code review request: 8019259: Failover to CRL checking does not happen if wrong OCSP responder URL is set
Vincent Ryan
vincent.x.ryan at oracle.com
Mon Jul 1 12:56:10 UTC 2013
I think that wrapping a RuntimeException (in CPVE) is acceptable in this case
because the goal is to activate the failover mechanism from OCSP to CRL.
Do you want RuntimeException to be re-thrown?
On 29 Jun 2013, at 01:53, Xuelei Fan wrote:
> Looks fine to me.
>
> Hmm, it is a case to learn that RuntimeException should be token care of
> sometimes.
>
> Thanks,
> Xuelei
>
> On 6/29/2013 2:41 AM, Vincent Ryan wrote:
>> Hello,
>>
>> Please review the following JDK 8 fix:
>>
>> Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8019259
>> Webrev: http://cr.openjdk.java.net/~vinnie/8019259/webrev.00/
>>
>> It corrects a problem during X.509 certificate revocation checking where failover to using CRLs is not
>> performed in the case when a malformed URL has been supplied as the URL of the OCSP responder.
>> The fix ensures all exceptions during OCSP are caught and wrapped so that the failover mechanism
>> does not get skipped.
>>
>> Thanks.
>>
>
More information about the security-dev
mailing list