[8] code review request: 8019259: Failover to CRL checking does not happen if wrong OCSP responder URL is set
Vincent Ryan
vincent.x.ryan at oracle.com
Tue Jul 2 10:19:06 UTC 2013
OK. Thanks.
On 2 Jul 2013, at 00:02, Xuelei Fan wrote:
> On 7/1/2013 8:56 PM, Vincent Ryan wrote:
>> I think that wrapping a RuntimeException (in CPVE) is acceptable in this case
>> because the goal is to activate the failover mechanism from OCSP to CRL.
>>
>> Do you want RuntimeException to be re-thrown?
>>
> No. It is acceptable to me to wrap the RuntimeException. It is not a
> real runtime exception, but a wrong message. I prefer to use CPVE.
>
> Xuelei
>
>> On 29 Jun 2013, at 01:53, Xuelei Fan wrote:
>>
>>> Looks fine to me.
>>>
>>> Hmm, it is a case to learn that RuntimeException should be token care of
>>> sometimes.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>> On 6/29/2013 2:41 AM, Vincent Ryan wrote:
>>>> Hello,
>>>>
>>>> Please review the following JDK 8 fix:
>>>>
>>>> Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8019259
>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8019259/webrev.00/
>>>>
>>>> It corrects a problem during X.509 certificate revocation checking where failover to using CRLs is not
>>>> performed in the case when a malformed URL has been supplied as the URL of the OCSP responder.
>>>> The fix ensures all exceptions during OCSP are caught and wrapped so that the failover mechanism
>>>> does not get skipped.
>>>>
>>>> Thanks.
>>>>
>>>
>>
>
More information about the security-dev
mailing list