-
Bug
-
Resolution: Fixed
-
P1
-
8
The following Note in step 3 of http://download.java.net/jdk8/docs/technotes/guides/security/certpath/CertPathProgGuide.html#PKIXRevocationChecker:
Note: When adding a revocation checker in this manner, you must also disable the default revocation checking mechanism (by calling the method PKIXParameters.setRevocationEnabled with a value of false).
should be removed. The PKIXRevocationChecker will be used irrespective of the RevocationEnabled flag. This is documented in the class summary (see 3rd paragraph) of PKIXRevocationChecker:
http://download.java.net/jdk8/docs/api/java/security/cert/PKIXRevocationChecker.html
Also, in http://download.java.net/jdk8/docs/technotes/guides/security/enhancements-8.html, change the term "single-certificate checking" to "end-entity certificate checking".
Note: When adding a revocation checker in this manner, you must also disable the default revocation checking mechanism (by calling the method PKIXParameters.setRevocationEnabled with a value of false).
should be removed. The PKIXRevocationChecker will be used irrespective of the RevocationEnabled flag. This is documented in the class summary (see 3rd paragraph) of PKIXRevocationChecker:
http://download.java.net/jdk8/docs/api/java/security/cert/PKIXRevocationChecker.html
Also, in http://download.java.net/jdk8/docs/technotes/guides/security/enhancements-8.html, change the term "single-certificate checking" to "end-entity certificate checking".