--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Fri May 30 14:35:43 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Mon Jun 02 10:16:54 2008 -0700
@@ -102,7 +102,7 @@
*/
public void init(boolean forward) throws CertPathValidatorException {
if (!forward) {
- remainingCerts = certs.length;
+ remainingCerts = certs.length + 1;
} else {
throw new CertPathValidatorException(
"Forward checking not supported");
@@ -131,14 +131,22 @@
InputStream in = null;
OutputStream out = null;
+
+ // Decrement the certificate counter
+ remainingCerts--;
+
try {
- // Examine OCSP properties
X509Certificate responderCert = null;
boolean seekResponderCert = false;
X500Principal responderSubjectName = null;
X500Principal responderIssuerName = null;
BigInteger responderSerialNumber = null;
+ boolean seekIssuerCert = true;
+ X509CertImpl issuerCertImpl = null;
+ X509CertImpl currCertImpl =
+ X509CertImpl.toImpl((X509Certificate)cert);
+
/*
* OCSP security property values, in the following order:
* 1. ocsp.responderURL
@@ -148,6 +156,9 @@
*/
String[] properties = getOCSPProperties();
+ // Check whether OCSP is feasible before seeking cert information
+ URL url = getOCSPServerURL(currCertImpl, properties);
+
// When responder's subject name is set then the issuer/serial
// properties are ignored
if (properties[1] != null) {
@@ -172,14 +183,9 @@
seekResponderCert = true;
}
- boolean seekIssuerCert = true;
- X509CertImpl issuerCertImpl = null;
- X509CertImpl currCertImpl =
- X509CertImpl.toImpl((X509Certificate)cert);
- remainingCerts--;
-
- // Set the issuer certificate
- if (remainingCerts != 0) {
+ // Set the issuer certificate to the next cert in the chain
+ // (unless we're processing the final cert).
+ if (remainingCerts < certs.length) {
issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]);
seekIssuerCert = false; // done
@@ -312,7 +318,8 @@
// Construct an OCSP Request
OCSPRequest ocspRequest =
new OCSPRequest(currCertImpl, issuerCertImpl);
- URL url = getOCSPServerURL(currCertImpl, properties);
+
+ // Use the URL to the OCSP service that was created earlier
HttpURLConnection con = (HttpURLConnection)url.openConnection();
if (DEBUG != null) {
DEBUG.println("connecting to OCSP service at: " + url);
--- a/jdk/src/solaris/native/java/net/PlainSocketImpl.c Fri May 30 14:35:43 2008 +0200
+++ b/jdk/src/solaris/native/java/net/PlainSocketImpl.c Mon Jun 02 10:16:54 2008 -0700
@@ -358,15 +358,28 @@
* See 6343810.
*/
while (1) {
- fd_set wr, ex;
+#ifndef USE_SELECT
+ {
+fprintf(stdout,"\nNATIVE: fd = %d] ", fd);
+ struct pollfd pfd;
+ pfd.fd = fd;
+ pfd.events = POLLOUT;
- FD_ZERO(&wr);
- FD_SET(fd, &wr);
- FD_ZERO(&ex);
- FD_SET(fd, &ex);
+ connect_rv = NET_Poll(&pfd, 1, -1);
+ }
+#else
+ {
+ fd_set wr, ex;
- errno = 0;
- connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
+ FD_ZERO(&wr);
+ FD_SET(fd, &wr);
+ FD_ZERO(&ex);
+ FD_SET(fd, &ex);
+
+ connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
+ }
+#endif
+
if (connect_rv == JVM_IO_ERR) {
if (errno == EINTR) {
continue;
--- a/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java Fri May 30 14:35:43 2008 +0200
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java Mon Jun 02 10:16:54 2008 -0700
@@ -2,32 +2,22 @@
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
- * This code is free software; you can redistribute it and/or modi
-fy it
- * under the terms of the GNU General Public License version 2 onl
-y, as
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
- * This code is distributed in the hope that it will be useful, bu
-t WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABIL
-ITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public L
-icense
- * version 2 for more details (a copy is included in the LICENSE f
-ile that
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
- * You should have received a copy of the GNU General Public Licen
-se version
- * 2 along with this work; if not, write to the Free Software Foun
-dation,
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, San
-ta Clara,
- * CA 95054 USA or visit www.sun.com if you need additional inform
-ation or
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
--- a/jdk/test/sun/security/tools/keytool/autotest.sh Fri May 30 14:35:43 2008 +0200
+++ b/jdk/test/sun/security/tools/keytool/autotest.sh Mon Jun 02 10:16:54 2008 -0700
@@ -1,5 +1,5 @@
#
-# Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
+# Copyright 2006-2008 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -90,7 +90,8 @@
echo | ${TESTJAVA}${FS}bin${FS}java -Dfile -Dnss \
-Dnss.lib=${NSS}${FS}lib${FS}${PF}${FS}${LIBNAME} \
- KeyToolTest || exit 12
+ KeyToolTest
+status=$?
rm -f p11-nss.txt
rm -f cert8.db
@@ -101,4 +102,5 @@
rm KeyToolTest.class
rm TestException.class
-exit $?
+exit $status
+