[8] Request for review: 8023362: Don't allow soft-fail behavior if OCSP responder returns "unauthorized"

Xuelei Fan xuelei.fan at oracle.com
Fri Sep 6 15:32:46 UTC 2013


Looks fine to me.

Xuelei

On 9/6/2013 11:01 PM, Sean Mullan wrote:
> Please review this simple fix to treat OCSP Unauthorized responses as an
> error when checking revocation status, even when the SOFT_FAIL option is
> set.
> 
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8023362/webrev.00/
> 
> Thanks,
> Sean




More information about the security-dev mailing list