Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java
changeset 2283 495fbbcc7569
parent 1238 6d1f4b722acd
child 5506 202f599c92aa 
--- a/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java	Fri Mar 13 15:26:23 2009 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java	Tue Mar 17 11:54:13 2009 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -143,11 +143,15 @@
                     }
 
                 } catch (CertPathValidatorException cpve) {
-                    // Throw the saved OCSP exception
-                    // (when the CRL check has also failed)
+                    // Throw the saved OCSP exception unless the CRL
+                    // checker has determined that the cert is revoked
                     if (ocspCause != null &&
-                        currChecker instanceof CrlRevocationChecker) {
-                        throw ocspCause;
+                            currChecker instanceof CrlRevocationChecker) {
+                        if (cpve.getReason() == BasicReason.REVOKED) {
+                            throw cpve;
+                        } else {
+                            throw ocspCause;
+                        }
                     }
                     /*
                      * Handle failover from OCSP to CRLs
jdk-sandbox