-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P1
-
Affects Version/s: 8
-
Component/s: docs
The following Note in step 3 of http://download.java.net/jdk8/docs/technotes/guides/security/certpath/CertPathProgGuide.html#PKIXRevocationChecker:
Note: When adding a revocation checker in this manner, you must also disable the default revocation checking mechanism (by calling the method PKIXParameters.setRevocationEnabled with a value of false).
should be removed. The PKIXRevocationChecker will be used irrespective of the RevocationEnabled flag. This is documented in the class summary (see 3rd paragraph) of PKIXRevocationChecker:
http://download.java.net/jdk8/docs/api/java/security/cert/PKIXRevocationChecker.html
Also, in http://download.java.net/jdk8/docs/technotes/guides/security/enhancements-8.html, change the term "single-certificate checking" to "end-entity certificate checking".
Note: When adding a revocation checker in this manner, you must also disable the default revocation checking mechanism (by calling the method PKIXParameters.setRevocationEnabled with a value of false).
should be removed. The PKIXRevocationChecker will be used irrespective of the RevocationEnabled flag. This is documented in the class summary (see 3rd paragraph) of PKIXRevocationChecker:
http://download.java.net/jdk8/docs/api/java/security/cert/PKIXRevocationChecker.html
Also, in http://download.java.net/jdk8/docs/technotes/guides/security/enhancements-8.html, change the term "single-certificate checking" to "end-entity certificate checking".