[8] 7174966: With OCSP enabled on Java 7 get error 'Wrong key usage' with Comodo certificate

Vincent Ryan vincent.x.ryan at oracle.com
Tue May 28 11:30:13 UTC 2013


Please review the fix for: http://bugs.sun.com/view_bug.do?bug_id=7174966

The problem occurs when validating the signature of an OCSP response from the Comodo CA.
The Signature class tests for the presence of the digitalSignature keyUsage setting when examining
a signer's certificate. One solution is for the sun.security.provider.certpath.OCSPResponse class to
pass the signer's public key rather than the signer's certificate.

Webrev: http://cr.openjdk.java.net/~vinnie/7174966/webrev.00/

Thanks.


More information about the security-dev mailing list