[8] 7174966: With OCSP enabled on Java 7 get error 'Wrong key usage' with Comodo certificate
Xuelei Fan
xuelei.fan at oracle.com
Wed May 29 12:42:06 UTC 2013
What's the key usage of the OCSP responder? I think it is more like a
problem of Comodo CA. This fix may loosen the checking of the validity
of the OCSP responder's certificate.
Xuelei
On 5/28/2013 7:30 PM, Vincent Ryan wrote:
> Please review the fix for: http://bugs.sun.com/view_bug.do?bug_id=7174966
>
> The problem occurs when validating the signature of an OCSP response from the Comodo CA.
> The Signature class tests for the presence of the digitalSignature keyUsage setting when examining
> a signer's certificate. One solution is for the sun.security.provider.certpath.OCSPResponse class to
> pass the signer's public key rather than the signer's certificate.
>
> Webrev: http://cr.openjdk.java.net/~vinnie/7174966/webrev.00/
>
> Thanks.
>
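An added example, not part of either message or of the webrev under review: a small diagnostic that reports the key usage asked about above and shows how `Signature.initVerify(Certificate)` and `Signature.initVerify(PublicKey)` treat the same signer certificate. The class name, the certificate file path taken from `args[0]`, and the `SHA256withRSA` algorithm (an RSA signer key) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;

public class OcspSignerKeyUsage {                              // hypothetical class name
    static final String KEY_USAGE_OID = "2.5.29.15";           // keyUsage extension
    static final String OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9"; // id-kp-OCSPSigning

    /** True when keyUsage is marked critical and omits digitalSignature (bit 0). */
    static boolean criticalKeyUsageForbidsSigning(X509Certificate cert) {
        Set<String> critical = cert.getCriticalExtensionOIDs();
        boolean[] usage = cert.getKeyUsage();                  // null when the extension is absent
        return critical != null && critical.contains(KEY_USAGE_OID)
                && usage != null && !usage[0];
    }

    /** True when the certificate carries the OCSP-signing extended key usage. */
    static boolean hasOcspSigningEku(X509Certificate cert) throws Exception {
        List<String> eku = cert.getExtendedKeyUsage();         // null when the extension is absent
        return eku != null && eku.contains(OCSP_SIGNING_EKU);
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {  // PEM or DER responder certificate
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        System.out.println("critical keyUsage without digitalSignature: "
                + criticalKeyUsageForbidsSigning(cert));
        System.out.println("id-kp-OCSPSigning present: " + hasOcspSigningEku(cert));

        Signature sig = Signature.getInstance("SHA256withRSA"); // assumes an RSA signer key
        try {
            sig.initVerify(cert);                               // consults the keyUsage extension
            System.out.println("initVerify(Certificate): accepted");
        } catch (InvalidKeyException e) {
            System.out.println("initVerify(Certificate): rejected (" + e.getMessage() + ")");
        }
        sig.initVerify(cert.getPublicKey());                    // no certificate extensions consulted
        System.out.println("initVerify(PublicKey): accepted");
    }
}
```

A caller that verifies with the bare public key can keep the responder checks explicit by calling helpers like the two above before accepting the response.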