Looks fine Sean. On 20 Mar 2013, at 14:18, Sean Mullan wrote:
> Please review this fix for a NullPointerException when checking revocation > status of certificates: > > webrev: > http://cr.openjdk.java.net/~mullan/webrevs/8010112/webrev.00/ > > The bug is not available online for some reason, so here are the relevant > details: > > There were 2 issues that needed to be fixed: > > 1. CertId did not handle the case where a TrustAnchor was specified as a > name/key pair. Added a new constructor to allow for that. > > 2. DistributionPointFetcher.verifyCRL was not comparing Authority Key Ids > correctly. It was comparing the bytes of the entire extension value, instead > of just the KeyIdentifier field. It turns out that there are some AKID > extensions that have matching key ids but also may include additional > information in the other fields, causing the previous comparison to fail even > though the key identifiers match. > > noreg-hard because the bug requires a complex setup to reproduce. > > Thanks, > Sean
