RFR: 8225433: Clarify behavior of PKIXParameters.setRevocationEnabled when PKIXRevocationChecker is used
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Wed Apr 27 06:50:39 UTC 2022
On Mon, 18 Apr 2022 13:35:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> This change improves the specification for the case when a `PKIXRevocationChecker` is supplied as one of the `CertPathChecker` parameters. Specifically, it makes it more clear that a `PKIXRevocationChecker` overrides the default revocation checking mechanism of a PKIX service provider, and will be used to check revocation irrespective of the setting of the RevocationEnabled parameter.
>
> Will also file a CSR.
Looks good to me, except a minor nit.
src/java.base/share/classes/java/security/cert/PKIXParameters.java line 339:
> 337: * #setCertPathCheckers setCertPathCheckers} methods).
> 338: * <p>
> 339: * However, if a {@code PKIXRevocationChecker} is passed in as a parameter
The word "However" may be not necessary as the previous paragraph is ending with a substitute mechanism. This sentence could be a further explanation of the substitute mechanism.
-------------
Marked as reviewed by xuelei (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/8287
More information about the security-dev
mailing list