archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-21 11:34:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge

Browse source
This commit is contained in:
Bradford Wetmore 2008-05-17 00:27:52 -07:00
commit 1d0421b41f
2 changed files with 38 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

29
jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
View file

@ -102,7 +102,7 @@ class OCSPChecker extends PKIXCertPathChecker {
*/
public void init(boolean forward) throws CertPathValidatorException {
if (!forward) {
remainingCerts = certs.length;
remainingCerts = certs.length + 1;
} else {
throw new CertPathValidatorException(
"Forward checking not supported");
@ -131,14 +131,22 @@ class OCSPChecker extends PKIXCertPathChecker {
InputStream in = null;
OutputStream out = null;
// Decrement the certificate counter
remainingCerts--;
try {
// Examine OCSP properties
X509Certificate responderCert = null;
boolean seekResponderCert = false;
X500Principal responderSubjectName = null;
X500Principal responderIssuerName = null;
BigInteger responderSerialNumber = null;
boolean seekIssuerCert = true;
X509CertImpl issuerCertImpl = null;
X509CertImpl currCertImpl =
X509CertImpl.toImpl((X509Certificate)cert);
/*
* OCSP security property values, in the following order:
* 1. ocsp.responderURL
@ -148,6 +156,9 @@ class OCSPChecker extends PKIXCertPathChecker {
*/
String[] properties = getOCSPProperties();
// Check whether OCSP is feasible before seeking cert information
URL url = getOCSPServerURL(currCertImpl, properties);
// When responder's subject name is set then the issuer/serial
// properties are ignored
if (properties[1] != null) {
@ -172,14 +183,9 @@ class OCSPChecker extends PKIXCertPathChecker {
seekResponderCert = true;
}
boolean seekIssuerCert = true;
X509CertImpl issuerCertImpl = null;
X509CertImpl currCertImpl =
X509CertImpl.toImpl((X509Certificate)cert);
remainingCerts--;
// Set the issuer certificate
if (remainingCerts != 0) {
// Set the issuer certificate to the next cert in the chain
// (unless we're processing the final cert).
if (remainingCerts < certs.length) {
issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]);
seekIssuerCert = false; // done
@ -312,7 +318,8 @@ class OCSPChecker extends PKIXCertPathChecker {
// Construct an OCSP Request
OCSPRequest ocspRequest =
new OCSPRequest(currCertImpl, issuerCertImpl);
URL url = getOCSPServerURL(currCertImpl, properties);
// Use the URL to the OCSP service that was created earlier
HttpURLConnection con = (HttpURLConnection)url.openConnection();
if (DEBUG != null) {
DEBUG.println("connecting to OCSP service at: " + url);

27
jdk/src/solaris/native/java/net/PlainSocketImpl.c
View file

@ -358,15 +358,28 @@ Java_java_net_PlainSocketImpl_socketConnect(JNIEnv *env, jobject this,
* See 6343810.
*/
while (1) {
fd_set wr, ex;
#ifndef USE_SELECT
{
fprintf(stdout,"\nNATIVE: fd = %d] ", fd);
struct pollfd pfd;
pfd.fd = fd;
pfd.events = POLLOUT;
FD_ZERO(&wr);
FD_SET(fd, &wr);
FD_ZERO(&ex);
FD_SET(fd, &ex);
connect_rv = NET_Poll(&pfd, 1, -1);
}
#else
{
fd_set wr, ex;
FD_ZERO(&wr);
FD_SET(fd, &wr);
FD_ZERO(&ex);
FD_SET(fd, &ex);
connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
}
#endif
errno = 0;
connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
if (connect_rv == JVM_IO_ERR) {
if (errno == EINTR) {
continue;