Just 2 comments on DistributionPointFetcher:
You can eliminate some duplication of code by changing the existing
getCRLs method to just call the new method with a null prevCert parameter.
On lines 659-663, you don't need to add @code tags, that is only for
javadoc comments.
--Sean
On 12/03/2013 01:51 PM, Jason Uh wrote:
Could I please get a review for this change? This change fixes some
issues in CertPath building and CRL verification. The main components of
this fix are:
1. Proper setting of TrustAnchors when verifying indirect CRLs obtained
from CRL Distribution Points. I added an overloaded getCRLs() method to
DistributionPointFetcher for this.
2. Terminating the CertPath build immediately when the target cert is
found to be revoked.
3. Some clarification in the comments.
Webrev: http://cr.openjdk.java.net/~juh/8007967/webrev.00/
Bug: https://bugs.openjdk.java.net/browse/JDK-8007967
Thanks,
Jason
