[8] 8012636: OCSP validation fails even when public key is trusted

Xuelei Fan xuelei.fan at oracle.com
Fri Oct 25 03:41:25 UTC 2013


Looks fine to me.

Xuelei

On 10/25/2013 9:04 AM, Vincent Ryan wrote:
> Please review this updated webrev that addresses the comments received
> so far:
> 
>     http://cr.openjdk.java.net/~vinnie/8012636/webrev.01/
> 
> Thanks.
> 
> 
> On 21/10/2013 22:36, Vincent Ryan wrote:
>> Please review this fix to support key-rollover certs
>> (same name, different keys):
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8012636
>> Webrev: http://cr.openjdk.java.net/~vinnie/8012636/webrev.00/
>>
>> This issue arises when an OCSP responder replaces its public key
>> but retains its subject name. The OCSP client must be able to
>> validate responses signed by both keys.
>>
>> Thanks.
> 




More information about the security-dev mailing list