# HG changeset patch # User wetmore # Date 1211009272 25200 # Node ID 384284026958b6e4babf82e1e1c0249d8d21f846 # Parent a33264d48a843ab7c4c6a737c5d5657d63e1d3db# Parent baf1cb906914d5cfa67e680bb66d5fd156ea4b39 Merge diff -r a33264d48a84 -r 384284026958 jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java --- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Fri May 16 11:34:34 2008 +0200 +++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Sat May 17 00:27:52 2008 -0700 @@ -102,7 +102,7 @@ */ public void init(boolean forward) throws CertPathValidatorException { if (!forward) { - remainingCerts = certs.length; + remainingCerts = certs.length + 1; } else { throw new CertPathValidatorException( "Forward checking not supported"); @@ -131,14 +131,22 @@ InputStream in = null; OutputStream out = null; + + // Decrement the certificate counter + remainingCerts--; + try { - // Examine OCSP properties X509Certificate responderCert = null; boolean seekResponderCert = false; X500Principal responderSubjectName = null; X500Principal responderIssuerName = null; BigInteger responderSerialNumber = null; + boolean seekIssuerCert = true; + X509CertImpl issuerCertImpl = null; + X509CertImpl currCertImpl = + X509CertImpl.toImpl((X509Certificate)cert); + /* * OCSP security property values, in the following order: * 1. ocsp.responderURL @@ -148,6 +156,9 @@ */ String[] properties = getOCSPProperties(); + // Check whether OCSP is feasible before seeking cert information + URL url = getOCSPServerURL(currCertImpl, properties); + // When responder's subject name is set then the issuer/serial // properties are ignored if (properties[1] != null) { @@ -172,14 +183,9 @@ seekResponderCert = true; } - boolean seekIssuerCert = true; - X509CertImpl issuerCertImpl = null; - X509CertImpl currCertImpl = - X509CertImpl.toImpl((X509Certificate)cert); - remainingCerts--; - - // Set the issuer certificate - if (remainingCerts != 0) { + // Set the issuer certificate to the next cert in the chain + // (unless we're processing the final cert). + if (remainingCerts < certs.length) { issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]); seekIssuerCert = false; // done @@ -312,7 +318,8 @@ // Construct an OCSP Request OCSPRequest ocspRequest = new OCSPRequest(currCertImpl, issuerCertImpl); - URL url = getOCSPServerURL(currCertImpl, properties); + + // Use the URL to the OCSP service that was created earlier HttpURLConnection con = (HttpURLConnection)url.openConnection(); if (DEBUG != null) { DEBUG.println("connecting to OCSP service at: " + url); diff -r a33264d48a84 -r 384284026958 jdk/src/solaris/native/java/net/PlainSocketImpl.c --- a/jdk/src/solaris/native/java/net/PlainSocketImpl.c Fri May 16 11:34:34 2008 +0200 +++ b/jdk/src/solaris/native/java/net/PlainSocketImpl.c Sat May 17 00:27:52 2008 -0700 @@ -358,15 +358,28 @@ * See 6343810. */ while (1) { - fd_set wr, ex; +#ifndef USE_SELECT + { +fprintf(stdout,"\nNATIVE: fd = %d] ", fd); + struct pollfd pfd; + pfd.fd = fd; + pfd.events = POLLOUT; - FD_ZERO(&wr); - FD_SET(fd, &wr); - FD_ZERO(&ex); - FD_SET(fd, &ex); + connect_rv = NET_Poll(&pfd, 1, -1); + } +#else + { + fd_set wr, ex; - errno = 0; - connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0); + FD_ZERO(&wr); + FD_SET(fd, &wr); + FD_ZERO(&ex); + FD_SET(fd, &ex); + + connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0); + } +#endif + if (connect_rv == JVM_IO_ERR) { if (errno == EINTR) { continue;