RFR: 8225433: Clarify behavior of PKIXParameters.setRevocationEnabled when PKIXRevocationChecker is used

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Wed Apr 27 06:50:39 UTC 2022

On Mon, 18 Apr 2022 13:35:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> This change improves the specification for the case when a `PKIXRevocationChecker` is supplied as one of the `CertPathChecker` parameters. Specifically, it makes it more clear that a `PKIXRevocationChecker` overrides the default revocation checking mechanism of a PKIX service provider, and will be used to check revocation irrespective of the setting of the RevocationEnabled parameter.
> Will also file a CSR.

Looks good to me, except a minor nit.

src/java.base/share/classes/java/security/cert/PKIXParameters.java line 339:

> 337:      * #setCertPathCheckers setCertPathCheckers} methods).
> 338:      * <p>
> 339:      * However, if a {@code PKIXRevocationChecker} is passed in as a parameter

The word "However" may be not necessary as the previous paragraph is ending with a substitute mechanism.  This sentence could be a further explanation of the  substitute mechanism.


Marked as reviewed by xuelei (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/8287

More information about the security-dev mailing list