Details
-
Bug
-
Resolution: Fixed
-
P4
-
None
-
None
-
b12
Description
sun.security.validator.PKIXValidator's addResponses method
should add responses to a PKIXRevocationChecker even if revocationEnabled is false. See the specification of PKIXParameters.setRevocationEnabled which says:
"Sophisticated applications should set this flag to false when it is not
practical to use a PKIX service provider's default revocation checking
mechanism or when an alternative revocation checking mechanism is to be
substituted (by also calling the addCertPathChecker or
setCertPathCheckers methods)."
and PKIXRevocationChecker:
"When supplying a revocation checker in this manner, it will be used to
check revocation irrespective of the setting of the RevocationEnabled
flag."
should add responses to a PKIXRevocationChecker even if revocationEnabled is false. See the specification of PKIXParameters.setRevocationEnabled which says:
"Sophisticated applications should set this flag to false when it is not
practical to use a PKIX service provider's default revocation checking
mechanism or when an alternative revocation checking mechanism is to be
substituted (by also calling the addCertPathChecker or
setCertPathCheckers methods)."
and PKIXRevocationChecker:
"When supplying a revocation checker in this manner, it will be used to
check revocation irrespective of the setting of the RevocationEnabled
flag."
Attachments
Issue Links
- relates to
-
JDK-8225433 Clarify behavior of PKIXParameters.setRevocationEnabled when PKIXRevocationChecker is used
-
- Resolved
-