[8] code review request: 8019259: Failover to CRL checking does not happen if wrong OCSP responder URL is set
Xuelei Fan
xuelei.fan at oracle.com
Mon Jul 1 23:02:22 UTC 2013
On 7/1/2013 8:56 PM, Vincent Ryan wrote:
> I think that wrapping a RuntimeException (in CPVE) is acceptable in this case
> because the goal is to activate the failover mechanism from OCSP to CRL.
>
> Do you want RuntimeException to be re-thrown?
>
No. It is acceptable to me to wrap the RuntimeException. It is not a
real runtime exception, but a wrong message. I prefer to use CPVE.
Xuelei
> On 29 Jun 2013, at 01:53, Xuelei Fan wrote:
>
>> Looks fine to me.
>>
>> Hmm, it is a case to learn that RuntimeException should be token care of
>> sometimes.
>>
>> Thanks,
>> Xuelei
>>
>> On 6/29/2013 2:41 AM, Vincent Ryan wrote:
>>> Hello,
>>>
>>> Please review the following JDK 8 fix:
>>>
>>> Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8019259
>>> Webrev: http://cr.openjdk.java.net/~vinnie/8019259/webrev.00/
>>>
>>> It corrects a problem during X.509 certificate revocation checking where failover to using CRLs is not
>>> performed in the case when a malformed URL has been supplied as the URL of the OCSP responder.
>>> The fix ensures all exceptions during OCSP are caught and wrapped so that the failover mechanism
>>> does not get skipped.
>>>
>>> Thanks.
>>>
>>
>
More information about the security-dev
mailing list