On Mon, 18 Apr 2022 13:35:25 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> This change improves the specification for the case when a
> `PKIXRevocationChecker` is supplied as one of the `CertPathChecker`
> parameters. Specifically, it makes it more clear that a
> `PKIXRevocationChecker` overrides the default revocation checking mechanism
> of a PKIX service provider, and will be used to check revocation irrespective
> of the setting of the RevocationEnabled parameter.
>
> Will also file a CSR.
Looks good to me, except a minor nit.
src/java.base/share/classes/java/security/cert/PKIXParameters.java line 339:
> 337: * #setCertPathCheckers setCertPathCheckers} methods).
> 338: * <p>
> 339: * However, if a {@code PKIXRevocationChecker} is passed in as a
> parameter
The word "However" may be not necessary as the previous paragraph is ending
with a substitute mechanism. This sentence could be a further explanation of
the substitute mechanism.
-------------
Marked as reviewed by xuelei (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/8287
