[9] RFR: 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources

Sean Mullan sean.mullan at oracle.com
Fri Sep 4 16:07:35 UTC 2015


Looks good to me.

--Sean

On 09/01/2015 07:15 PM, Artem Smotrakov wrote:
> Hello,
>
> Please review this fix for 9.
>
> Certpath validation fails to load certs and CRLs if AIA and CRLDP
> extensions point to LDAP resources. This happens because LDAPCertStore
> accepts only instances of LDAPCertStoreParameters and
> URICertStoreParameters classes, but
> sun.security.provider.certpath.URICertStore uses an inner static
> URICertStoreParameters class. Please see details in the bug.
>
> This fix removes URICertStore.URICertStoreParameters class, and updates
> URICertStore and DistributionPointFetcher to use new
> java.security.cert.URICertStoreParameters class.
>
> A regression test starts a local name service which logs requested host
> names. The test checks that host names from AIA and CRLDP extensions
> were loaded and requested to resolve during certpath validation.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8134708
> Webrev: http://cr.openjdk.java.net/~asmotrak/8134708/webrev.01/
>
> Artem
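
The type mismatch described in the quoted message, as an added example that is not part of the original thread or the webrev: a class that shares the simple name `URICertStoreParameters` but is not `java.security.cert.URICertStoreParameters` fails the `instanceof` check and is rejected by the LDAP `CertStore`. The nested class, the class name `LdapParamsTypeCheck` and the LDAP URI are hypothetical; a JDK 9 or later runtime is assumed.

```java
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;

public class LdapParamsTypeCheck {

    // Hypothetical stand-in for the removed inner class: same simple name as
    // the public API class, but an unrelated type.
    static final class URICertStoreParameters implements CertStoreParameters {
        final URI uri;
        URICertStoreParameters(URI uri) { this.uri = uri; }
        @Override public Object clone() { return new URICertStoreParameters(uri); }
    }

    // Reports whether a parameters object is the public JDK type that the
    // message says LDAPCertStore accepts.
    static String describe(CertStoreParameters p) {
        boolean isPublicType = p instanceof java.security.cert.URICertStoreParameters;
        return p.getClass().getName() + " is public URICertStoreParameters: " + isPublicType;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        URI uri = URI.create("ldap://ldap.example.test/cn=ca"); // constructed sample URI

        CertStoreParameters lookAlike = new URICertStoreParameters(uri);
        CertStoreParameters publicParams = new java.security.cert.URICertStoreParameters(uri);

        System.out.println(describe(lookAlike));    // same simple name, wrong type
        System.out.println(describe(publicParams)); // the type the fix switches to

        // Only the look-alike is handed to the LDAP CertStore. It is expected to be
        // refused on its type, before the URI is used for anything.
        try {
            CertStore.getInstance("LDAP", lookAlike);
            System.out.println("look-alike accepted");
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("look-alike rejected: " + e.getMessage());
        }
    }
}
```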


