Looks fine to me. Thanks, Xuelei
On 8/9/2016 5:50 AM, Jamil Nimeh wrote: > Hello all, this update removes an unnecessary change in > test/javax/net/ssl, adds in some additional logging, and an early exit > condition from the loop if an acceptable status_request_v2 item is found > (favoring OCSP_MULTI over OCSP). Also an additional test case that > exercises this exit condition was added. > > Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8132943/webrev.02 > > Thanks, > > --Jamil > > > On 08/05/2016 09:56 PM, Jamil Nimeh wrote: >> Hello all, >> >> This fixes an issue with OCSPStatusRequest selection by the server >> when doing OCSP stapling. Since we currently do not support responder >> ID filtering, the server should not select an OCSPStatusRequest with >> responder IDs in it, else it could potentially return OCSP responses >> that the client has already stated it would not trust. This fix takes >> care of that. If the server cannot find an OCSPStatusRequest that is >> suitable (in this case, one that has an empty responder ID list) it >> will not do stapling for that handshake. >> >> Bug: https://bugs.openjdk.java.net/browse/JDK-8132943 >> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8132943/webrev.01 >> >> Thanks, >> --Jamil >