[8] 8012636: OCSP validation fails even when public key is trusted

Vincent Ryan vincent.x.ryan at oracle.com
Thu Oct 24 18:04:07 PDT 2013


Please review this updated webrev that addresses the comments received 
so far:

     http://cr.openjdk.java.net/~vinnie/8012636/webrev.01/

Thanks.


On 21/10/2013 22:36, Vincent Ryan wrote:
> Please review this fix to support key-rollover certs
> (same name, different keys):
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8012636
> Webrev: http://cr.openjdk.java.net/~vinnie/8012636/webrev.00/
>
> This issue arises when an OCSP responder replaces its public key
> but retains its subject name. The OCSP client must be able to
> validate responses signed by both keys.
>
> Thanks.



More information about the security-dev mailing list