Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6869739

Cannot check revocation of single certificate without validating the entire chain

    XMLWordPrintable

Details

    • b02
    • generic, x86
    • generic, linux, windows_xp, windows_7
    • Verified

    Backports

      Description

        Currently, it is not possible to check if a certificate is revoked without validating the entire certificate chain via the CertPath APIs. This is not acceptable especially if you have already validated the certificate chain, as many of the certificate chain validation checks (signature, issuer-name checking) are redundant and only need to be checked once. Additionally, you may only want to check if the end-entity certificate has been revoked, and not all the other certificates in the chain.

        We need to implement a revocation checking mechanism that can check if a single certificate has been revoked. Initially we will focus on OCSP and add CRLs later.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2182427 Cannot check revocation of single certificate without validating the entire chain

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2186834 Cannot check revocation of single certificate without validating the entire chain

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2183987 Cannot check revocation of single certificate without validating the entire chain

            • P3 - Major loss of function.
            • Closed
            duplicates

            Bug - A problem which impairs or prevents the functions of the product. JDK-6712740 OCSP Responses not parsed correctly

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-6712739 OCSPChecker throws NPE when OPTIONAL "certs" missing from BasicOCSPResponse.

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2165825 OCSP Responses not parsed correctly

            • P3 - Major loss of function.
            • Closed

            Enhancement - null JDK-6914458 Multiple OCSP Issues in the SUN provider: No support for 1..n of SingleResponse

            • P5 - Cosmetic problem like misspelt words or misaligned text.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-6945145 PKIX path validation failed: App won't start when offline when using JOGL/Win7

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            New Feature - A new feature of the product, which has yet to be developed. JDK-6878826 Add support for Extended Validation certificates

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-6885667 CertPath/CertPathValidatorTest/bugs/bug6383078 fails on jdk6u18/b02, jdk7/pit/b73 and passes on b72.

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-6888769 Remove dependency on enums from internal sun.security.provider.certpath.OCSP API

            • P3 - Major loss of function.
            • Closed

            Activity

              People

                mullan Sean Mullan
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: