RFR: 8256895: Add support for RFC 8954: Online Certificate Status Protocol (OCSP) Nonce Extension [v5]
Sean Mullan
mullan at openjdk.java.net
Wed Jan 20 21:00:54 UTC 2021
On Wed, 20 Jan 2021 19:37:10 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> This enhancement adds support for the nonce extension in OCSP request extensions by system property jdk.security.certpath.ocspNonce.
>>
>> Please review the CSR at:
>> https://bugs.openjdk.java.net/browse/JDK-8257766
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>
> Add nonce to the list of extensions
Marked as reviewed by mullan (Reviewer).
src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java line 762:
> 760: }
> 761:
> 762: tmpExtensions.add(nonceExt);
If you only need the nonce, you could use List.of and save a little bit of memory, ex:
if (ocspExtensions.size() > 0) {
tmpExtensions = new ArrayList<Extension>(ocspExtensions);
tmpExtensions.add(nonceExt);
} else {
tmpExtensions = List.of(nonceExt);
}
-------------
PR: https://git.openjdk.java.net/jdk/pull/2039
More information about the security-dev
mailing list