Please review these changes for JDK 7 to correct the trust decision when examining the signer certificate of an OCSP response. When matching two certificates the key identifiers should only be checked if present in both.
http://cr.openjdk.java.net/~vinnie/7197652/webrev.00/ Thanks.
