--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Fri May 16 11:34:34 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Sat May 17 00:27:52 2008 -0700
@@ -102,7 +102,7 @@
*/
public void init(boolean forward) throws CertPathValidatorException {
if (!forward) {
- remainingCerts = certs.length;
+ remainingCerts = certs.length + 1;
} else {
throw new CertPathValidatorException(
"Forward checking not supported");
@@ -131,14 +131,22 @@
InputStream in = null;
OutputStream out = null;
+
+ // Decrement the certificate counter
+ remainingCerts--;
+
try {
- // Examine OCSP properties
X509Certificate responderCert = null;
boolean seekResponderCert = false;
X500Principal responderSubjectName = null;
X500Principal responderIssuerName = null;
BigInteger responderSerialNumber = null;
+ boolean seekIssuerCert = true;
+ X509CertImpl issuerCertImpl = null;
+ X509CertImpl currCertImpl =
+ X509CertImpl.toImpl((X509Certificate)cert);
+
/*
* OCSP security property values, in the following order:
* 1. ocsp.responderURL
@@ -148,6 +156,9 @@
*/
String[] properties = getOCSPProperties();
+ // Check whether OCSP is feasible before seeking cert information
+ URL url = getOCSPServerURL(currCertImpl, properties);
+
// When responder's subject name is set then the issuer/serial
// properties are ignored
if (properties[1] != null) {
@@ -172,14 +183,9 @@
seekResponderCert = true;
}
- boolean seekIssuerCert = true;
- X509CertImpl issuerCertImpl = null;
- X509CertImpl currCertImpl =
- X509CertImpl.toImpl((X509Certificate)cert);
- remainingCerts--;
-
- // Set the issuer certificate
- if (remainingCerts != 0) {
+ // Set the issuer certificate to the next cert in the chain
+ // (unless we're processing the final cert).
+ if (remainingCerts < certs.length) {
issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]);
seekIssuerCert = false; // done
@@ -312,7 +318,8 @@
// Construct an OCSP Request
OCSPRequest ocspRequest =
new OCSPRequest(currCertImpl, issuerCertImpl);
- URL url = getOCSPServerURL(currCertImpl, properties);
+
+ // Use the URL to the OCSP service that was created earlier
HttpURLConnection con = (HttpURLConnection)url.openConnection();
if (DEBUG != null) {
DEBUG.println("connecting to OCSP service at: " + url);
--- a/jdk/src/solaris/native/java/net/PlainSocketImpl.c Fri May 16 11:34:34 2008 +0200
+++ b/jdk/src/solaris/native/java/net/PlainSocketImpl.c Sat May 17 00:27:52 2008 -0700
@@ -358,15 +358,28 @@
* See 6343810.
*/
while (1) {
- fd_set wr, ex;
+#ifndef USE_SELECT
+ {
+fprintf(stdout,"\nNATIVE: fd = %d] ", fd);
+ struct pollfd pfd;
+ pfd.fd = fd;
+ pfd.events = POLLOUT;
- FD_ZERO(&wr);
- FD_SET(fd, &wr);
- FD_ZERO(&ex);
- FD_SET(fd, &ex);
+ connect_rv = NET_Poll(&pfd, 1, -1);
+ }
+#else
+ {
+ fd_set wr, ex;
- errno = 0;
- connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
+ FD_ZERO(&wr);
+ FD_SET(fd, &wr);
+ FD_ZERO(&ex);
+ FD_SET(fd, &ex);
+
+ connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
+ }
+#endif
+
if (connect_rv == JVM_IO_ERR) {
if (errno == EINTR) {
continue;