Mercurial > hg > openjdk > icedtea > jdk7 > jdk
changeset 5502:3aa687530ca9
7182500: OCSP revocation checking fails if OCSP responce does not contain certificates
Reviewed-by: xuelei, valeriep
author | vinnie |
---|---|
date | Mon, 16 Jul 2012 16:31:10 +0100 |
parents | c399756623cb |
children | ba7fae92732e |
files | src/share/classes/sun/security/provider/certpath/OCSPResponse.java |
diffstat | 1 files changed, 3 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Mon Jul 16 11:56:45 2012 +0800 +++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Mon Jul 16 16:31:10 2012 +0100 @@ -349,7 +349,9 @@ } } - X509Certificate trustedResponderCert = null; + // By default, the OCSP responder's cert is the same as the issuer of + // the cert being validated. The issuer cert is the first in the list. + X509Certificate trustedResponderCert = responderCerts.get(0); // Check whether the signer cert returned by the responder is trusted if (x509Certs != null && x509Certs[0] != null) {