  1. JDK
  2. JDK-6869739

Cannot check revocation of single certificate without validating the entire chain


    • b02
    • generic, x86
    • generic, linux, windows_xp, windows_7
    • Verified

        Currently, it is not possible to check if a certificate is revoked without validating the entire certificate chain via the CertPath APIs. This is not acceptable especially if you have already validated the certificate chain, as many of the certificate chain validation checks (signature, issuer-name checking) are redundant and only need to be checked once. Additionally, you may only want to check if the end-entity certificate has been revoked, and not all the other certificates in the chain.

        We need to implement a revocation checking mechanism that can check if a single certificate has been revoked. Initially we will focus on OCSP and add CRLs later.

              mullan Sean Mullan
