We used to have automated tests that accessed live OCSP responders but results were often unreliable because of intermittent network and proxy issues. I am developing an automated test that uses a cached OCSP response which will be more robust.
On 16 Oct 2012, at 11:52, Xerxes Rånby wrote: > 2012-10-01 04:30, Vincent Ryan wrote: >> Please review these changes for JDK 7 to correct the trust decision when >> examining the signer certificate of an OCSP response. When matching two >> certificates the key identifiers should only be checked if present in both. >> >> http://cr.openjdk.java.net/~vinnie/7197652/webrev.00/ >> >> Thanks. > > Is this code covered by any of the existing JDK 7 jtreg tests? > If not then please add a new jtreg test to help with testing and verification. > > Cheers > Xerxes
