Thanks. I've made those recommended changes.
On 22 Oct 2013, at 17:06, Sean Mullan wrote:

> I am still reviewing, but here are some comments so far:
>
> * X509CertImpl
>
> I would prefer if getSubjectKeyIdentifier returned a KeyIdentifier so that it
> is consistent with the getAuthKeyId method. Also, in OCSPResponse, you can
> then just call KeyIdentifier.equals instead of comparing the bytes yourself
> with Arrays.equals.
>
> * RevocationChecker
>
> RevocationChecker can be re-used for subsequent revocation checks by calling
> the init method. So, you need to clear the contents of the responderCerts
> list each time init is called. You can add this after line 323 in the init
> method
>
>     responderCerts.clear();
>
> --Sean
>
> On 10/21/2013 05:36 PM, Vincent Ryan wrote:
>> Please review this fix to support key-rollover certs
>> (same name, different keys):
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8012636
>> Webrev: http://cr.openjdk.java.net/~vinnie/8012636/webrev.00/
>>
>> This issue arises when an OCSP responder replaces its public key
>> but retains its subject name. The OCSP client must be able to
>> validate responses signed by both keys.
>>
>> Thanks.
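
An added illustration of the two points raised in this thread, not part of the original messages and not the JDK's code: two responder certificates share a subject name after a key rollover, so a name-only lookup can select the retired key, and a reused checker must clear its candidate list in init. RolloverDemo, Responder and the SHA-1-over-encoded-key identifier are assumptions made for the example.

```java
import java.security.*;
import java.util.*;
// Added illustration: Responder and RolloverDemo are hypothetical, not JDK classes.
public class RolloverDemo {
    // Stand-in for a responder certificate (subject name, key identifier, public key).
    record Responder(String subject, byte[] keyId, PublicKey key) {}
    private final List<Responder> responderCerts = new ArrayList<>();
    // A reused checker must drop the candidates left over from the previous check.
    void init(List<Responder> candidates) {
        responderCerts.clear();
        responderCerts.addAll(candidates);
    }
    // Name-only lookup returns the first match, which may hold the retired key.
    Optional<Responder> byName(String subject) {
        return responderCerts.stream().filter(r -> r.subject().equals(subject)).findFirst();
    }
    // Key-identifier lookup tells apart certificates that share a subject name.
    Optional<Responder> byKeyId(byte[] id) {
        return responderCerts.stream().filter(r -> Arrays.equals(r.keyId(), id)).findFirst();
    }
    // Assumption: SHA-1 over the whole encoded key, used only as a stable identifier here.
    static Responder cert(String subject, PublicKey k) throws Exception {
        return new Responder(subject, MessageDigest.getInstance("SHA-1").digest(k.getEncoded()), k);
    }
    static boolean verify(PublicKey k, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(k);
        s.update(data);
        return s.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair oldKp = g.generateKeyPair(), newKp = g.generateKeyPair();
        String name = "CN=OCSP Responder"; // constructed sample name
        Responder oldCert = cert(name, oldKp.getPublic()), newCert = cert(name, newKp.getPublic());
        byte[] response = "constructed response bytes".getBytes(); // constructed sample data
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(newKp.getPrivate()); // the responder now signs with its new key
        s.update(response);
        byte[] sig = s.sign();
        RolloverDemo c = new RolloverDemo();
        c.init(List.of(oldCert, newCert));
        System.out.println("by name:   " + verify(c.byName(name).get().key(), response, sig));
        System.out.println("by key id: " + verify(c.byKeyId(newCert.keyId()).get().key(), response, sig));
        c.init(List.of()); // second use of the same checker
        System.out.println("stale candidates: " + c.byKeyId(newCert.keyId()).isPresent());
    }
}
```

Records require Java 16 or later.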
