[RFR] JDK-8225436 : Stapled OCSPResponses should be added to PKIXRevocationChecker irrespective of revocationEnabled flag
Jamil Nimeh
jamil.j.nimeh at oracle.com
Fri Aug 16 21:25:23 UTC 2019
Hello all,
This fixes a bug where stapled OCSP responses were being ignored by the
internal Validator in all cases when revocation checking is disabled.
If the TrustManagerFactory is initialized with CertPathParameters that
include a PKIXRevocationChecker, then that should override the
setRevocationEnabled flag and any stapled responses should be taken into
account during path validation.
Bug: https://bugs.openjdk.java.net/browse/JDK-8225436
Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8225436/webrev.01/
Thanks,
--Jamil
More information about the security-dev
mailing list