[8] 7174966: With OCSP enabled on Java 7 get error 'Wrong key usage' with Comodo certificate

Xuelei Fan xuelei.fan at oracle.com
Wed May 29 12:42:06 UTC 2013


What's the key usage of the OCSP responder?  I think it is more like a
problem of Comodo CA.  This fix may loosen the checking of the validity
of the OCSP responder's certificate.

Xuelei

On 5/28/2013 7:30 PM, Vincent Ryan wrote:
> Please review the fix for: http://bugs.sun.com/view_bug.do?bug_id=7174966
> 
> The problem occurs when validating the signature of an OCSP response from the Comodo CA.
> The Signature class tests for the presence of the digitalSignature keyUsage setting when examining
> a signer's certificate. One solution is for the sun.security.provider.certpath.OCSPResponse class to
> pass the signer's public key rather than the signer's certificate.
> 
> Webrev: http://cr.openjdk.java.net/~vinnie/7174966/webrev.00/
> 
> Thanks.
> 



