Enhancement
Resolution: Duplicate
P4
None
1.4.2
x86
windows_2000
Name: rmT116609 Date: 10/22/2003
A DESCRIPTION OF THE REQUEST :
At the moment, the X509CRL interface, and hence the Sun implementation, only defines the method "Set getRevokedCertificates()". Set is by definition unordered. This is fine if the CRL is a direct CRL.
JUSTIFICATION :
However, if the CRL is an indirect CRL, it is imperative that the revoked certificates are ordered to allow proper processing. With indirect CRLs, the certificate issuer of the revoked certificate is dependent on the previous revoked certificate entry. See RFC 5.3.4 Certificate Issuer for a complete description of this.
Thus I request a new method "List getRevokedCerts()" to be defined, or at least an "X509CRLEntry getRevokedCertificate(X509Certificate)" that follows RFC 3280 and properly handles indirect CRLs.
At the moment, all indirect CRLs must be locally parsed (i.e., using another Provider or ASN.1 parser) in order to perform proper revocation checks.
(Incident Review ID: 215465)
======================================================================
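The ordering dependency described in the request, as an added example that is not part of the original report or of the JDK: per RFC 3280 section 5.3.4, an entry without the Certificate Issuer extension inherits the issuer of the preceding entry, and the issuer defaults to the CRL issuer until the first extension appears. `Entry`, `revokedKeys` and the sample names are hypothetical, and the entries are constructed sample data.

```java
import java.math.BigInteger;
import java.util.*;

public class IndirectCrlOrder {
    // Hypothetical model of one revokedCertificates entry: the serial number plus
    // the optional Certificate Issuer entry extension (null when absent).
    record Entry(BigInteger serial, String certificateIssuerExt) {}

    // Walk the entries in the order given. An entry without the extension inherits
    // the issuer of the previous entry; before any extension appears, the issuer
    // is the CRL issuer. Returns "issuer#serial" keys for every revoked certificate.
    static Set<String> revokedKeys(String crlIssuer, Iterable<Entry> entries) {
        Set<String> keys = new HashSet<>();
        String current = crlIssuer;
        for (Entry e : entries) {
            if (e.certificateIssuerExt() != null) {
                current = e.certificateIssuerExt();
            }
            keys.add(current + "#" + e.serial());
        }
        return keys;
    }

    public static void main(String[] args) {
        String crlIssuer = "CN=CRL Signer"; // constructed sample data
        List<Entry> encoded = List.of(
            new Entry(BigInteger.valueOf(10), null),      // issued by the CRL issuer
            new Entry(BigInteger.valueOf(20), "CN=CA A"), // switches issuer to CA A
            new Entry(BigInteger.valueOf(21), null),      // inherits CA A
            new Entry(BigInteger.valueOf(30), "CN=CA B"), // switches issuer to CA B
            new Entry(BigInteger.valueOf(21), null));     // inherits CA B, same serial

        // Entries processed in their encoded order.
        Set<String> ordered = revokedKeys(crlIssuer, encoded);
        System.out.println("encoded order, CA A serial 21 revoked: "
            + ordered.contains("CN=CA A#21"));
        System.out.println("encoded order, CRL Signer serial 21 revoked: "
            + ordered.contains("CN=CRL Signer#21"));

        // The same entries after their order is lost (reversed here to make the
        // effect deterministic): serial 21 is attributed to a different issuer.
        List<Entry> reordered = new ArrayList<>(encoded);
        Collections.reverse(reordered);
        Set<String> lost = revokedKeys(crlIssuer, reordered);
        System.out.println("order lost, CA A serial 21 revoked: "
            + lost.contains("CN=CA A#21"));
        System.out.println("order lost, CRL Signer serial 21 revoked: "
            + lost.contains("CN=CRL Signer#21"));
    }
}
```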
duplicates
- JDK-6521485 X509CRL.getRevokedCertificates does not preserve order of revoked certificates (Closed)
- JDK-4874770 API support for indirect CRLs (Resolved)