7182500 OCSP revocation checking fails if OCSP response does not contain certificates (original) (raw)

Vincent Ryan vincent.x.ryan at oracle.com
Tue Jul 10 20:34:20 UTC 2012

• Previous message (by thread): no PTR is needed for TGS-Req in openjdk7?
• Next message (by thread): 7182500 OCSP revocation checking fails if OCSP response does not contain certificates
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Please review the following changeset for JDK 7u6: http://cr.openjdk.java.net/~vinnie/7182500/

The bug report is at: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7182500

The error occurs when an OCSP responder opts not to return the signing certificate used in an OCSP response. The fix is to set the default signer cert to be the cert of the issuer of the cert being validated.

This fix addresses a regression in the OCSP client which was introduced in my fix for CR 7168191 (http://hg.openjdk.java.net/jdk7u/jdk7u6-dev/jdk/rev/52ab0f489dab).

Thanks.

• Previous message (by thread): no PTR is needed for TGS-Req in openjdk7?
• Next message (by thread): 7182500 OCSP revocation checking fails if OCSP response does not contain certificates
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the security-dev mailing list