JDK 8 Code Review Request for 7176627: CertPath/jep124/PreferCRL_SoftFail test fails (Could not determine revocation status) (original) (raw)

Sean Mullan sean.mullan at oracle.com
Thu Sep 13 17:24:45 UTC 2012

• Previous message (by thread): JDK 8 Code Review Request for 7176627: CertPath/jep124/PreferCRL_SoftFail test fails (Could not determine revocation status)
• Next message (by thread): hg: jdk8/tl/jdk: 7194005: (launcher) needs to be enhanced for 64-bit jar file handling
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/12/12 4:12 AM, Xuelei Fan wrote:

RevocationChecker.java: ======================== line 473: We may only want to save the first exception. 473 if (softFail && nfe == null &&

Good catch. I've changed it to your suggestion.

line 530 to 540: "nfe" is not null means it is to ignore network failure. I think we may not want to check the network failure before verifyWithSeparateSigningKey().

Another good catch. I've also made that change.

Both are fairly minor changes, so I won't post another webrev but I'll test my changes again before pushing.

Thanks, Sean

Otherwise, looks fine to me. On 9/12/2012 12:17 PM, Weijun Wang wrote: I'm probably not familiar with CertPath validation. BTW, are PREFERCRL and SOFTFAIL options java-specific? I tried to google them but there is no result.

PREFERCRL and SOFTFAIL are defines in the new PKIXRevocationChecker in JDK 8. PKIXRevocationChecker.Option: -------------------------------------------- /** * Prefer CRLs to OSCP. The default behavior is to prefer OCSP. Each * PKIX implementation should document further details of their * specific preference rules and fallback policies. */ PREFERCRLS, /** * Ignore network failures. The default behavior is to consider it a * failure if the revocation status of a certificate cannot be obtained * due to a network error. This option applies to both OCSP and CRLs. */ SOFTFAIL -------------------------------------------- Xuelei -Max

On 09/12/2012 01:29 AM, Sean Mullan wrote: Still waiting on a review for this ... Max or Vinnie maybe?

Thanks, Sean On 9/5/12 3:25 PM, Sean Mullan wrote: I'm requesting a code review for my fix for 7176627. For some reason the bug is not accessible at bugs.sun.com, so I have inserted a description of the problem and solution in the webrev header (see "Author comments"):

http://cr.openjdk.java.net/~mullan/webrevs/7176627/webrev.00/ Thanks, Sean

• Previous message (by thread): JDK 8 Code Review Request for 7176627: CertPath/jep124/PreferCRL_SoftFail test fails (Could not determine revocation status)
• Next message (by thread): hg: jdk8/tl/jdk: 7194005: (launcher) needs to be enhanced for 64-bit jar file handling
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the security-dev mailing list