changeset 5229:3aa687530ca9

7182500: OCSP revocation checking fails if OCSP responce does not contain certificates Reviewed-by: xuelei, valeriep
author vinnie
date Mon, 16 Jul 2012 16:31:10 +0100
parents c399756623cb
children ba7fae92732e
files src/share/classes/sun/security/provider/certpath/OCSPResponse.java
diffstat 1 files changed, 3 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Mon Jul 16 11:56:45 2012 +0800
+++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Mon Jul 16 16:31:10 2012 +0100
@@ -349,7 +349,9 @@
             }
         }
 
-        X509Certificate trustedResponderCert = null;
+        // By default, the OCSP responder's cert is the same as the issuer of
+        // the cert being validated. The issuer cert is the first in the list.
+        X509Certificate trustedResponderCert = responderCerts.get(0);
 
         // Check whether the signer cert returned by the responder is trusted
         if (x509Certs != null && x509Certs[0] != null) {