Hi,
bug description: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6852744
webrev: http://cr.openjdk.java.net/~xuelei/6852744/webrev/
Evaluation of the bug:
1. There is a loop of forward builder for self-issused intermediate
certificates.
The ForwardBuilder looks for the next certificate based on
IssuerDN/SubjectDN. However, a self-issued certificate has the same
IssuerDN and SubjectDN, the looking will loop on the self-issued
certificate untill the loop detected.
2. Circular dependences
In the PIT tests, the valid of the intermediate CA certificate
(oldCA) depends on the CRL; the valid of CRL depends on its issuer, the
self-issued intermediate CA certificate (newWithOldCA); the valid of
newWithOldCA depends on its issuer, the oldCA, here comes a dead loop.
Thanks,
Xuelei
