Please review the fix for: http://bugs.sun.com/view_bug.do?bug_id=7174966
The problem occurs when validating the signature of an OCSP response from the Comodo CA. The Signature class tests for the presence of the digitalSignature keyUsage setting when examining a signer's certificate. One solution is for the sun.security.provider.certpath.OCSPResponse class to pass the signer's public key rather than the signer's certificate. Webrev: http://cr.openjdk.java.net/~vinnie/7174966/webrev.00/ Thanks.
