Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
P4
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 14
-
Component/s: security-libs
-
Labels:None
-
Subcomponent:
-
Resolved In Build:b12
Description
sun.security.validator.PKIXValidator's addResponses method
should add responses to a PKIXRevocationChecker even if revocationEnabled is false. See the specification of PKIXParameters.setRevocationEnabled which says:
"Sophisticated applications should set this flag to false when it is not
practical to use a PKIX service provider's default revocation checking
mechanism or when an alternative revocation checking mechanism is to be
substituted (by also calling the addCertPathChecker or
setCertPathCheckers methods)."
and PKIXRevocationChecker:
"When supplying a revocation checker in this manner, it will be used to
check revocation irrespective of the setting of the RevocationEnabled
flag."
should add responses to a PKIXRevocationChecker even if revocationEnabled is false. See the specification of PKIXParameters.setRevocationEnabled which says:
"Sophisticated applications should set this flag to false when it is not
practical to use a PKIX service provider's default revocation checking
mechanism or when an alternative revocation checking mechanism is to be
substituted (by also calling the addCertPathChecker or
setCertPathCheckers methods)."
and PKIXRevocationChecker:
"When supplying a revocation checker in this manner, it will be used to
check revocation irrespective of the setting of the RevocationEnabled
flag."
Attachments
Issue Links
- relates to
-
JDK-8225433 Clarify behavior of PKIXParameters.setRevocationEnabled when PKIXRevocationChecker is used
-
- Resolved
-