From 614db2ea9e10346475eef34629eab54878aa482d Mon Sep 17 00:00:00 2001 From: Aleksey Shipilev Date: Wed, 27 Mar 2024 14:44:50 +0000 Subject: [PATCH] 8328638: Fallback option for POST-only OCSP requests Reviewed-by: mullan, rhalade --- .../sun/security/provider/certpath/OCSP.java | 35 +++++++++++++- .../OCSP/GetAndPostTests.java | 5 +- .../certification/CAInterop.java | 47 +++++++++++++++++++ 3 files changed, 83 insertions(+), 4 deletions(-) diff --git a/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java b/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java index a21635afa97..febff793b69 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -85,6 +85,28 @@ public final class OCSP { private static final int READ_TIMEOUT = initializeTimeout( "com.sun.security.ocsp.readtimeout", DEFAULT_READ_TIMEOUT); + /** + * Boolean value indicating whether OCSP client can use GET for OCSP + * requests. There is an ambiguity in RFC recommendations. + * + * RFC 5019 says a stronger thing, "MUST": + * "When sending requests that are less than or equal to 255 bytes in + * total (after encoding) including the scheme and delimiters (http://), + * server name and base64-encoded OCSPRequest structure, clients MUST + * use the GET method (to enable OCSP response caching)." + * + * RFC 6960 says a weaker thing, "MAY": + * "HTTP-based OCSP requests can use either the GET or the POST method to + * submit their requests. To enable HTTP caching, small requests (that + * after encoding are less than 255 bytes) MAY be submitted using GET." + * + * For performance reasons, we default to stronger behavior. But this + * option also allows to fallback to weaker behavior in case of compatibility + * problems. + */ + private static final boolean USE_GET = initializeBoolean( + "com.sun.security.ocsp.useget", "true"); + /** * Initialize the timeout length by getting the OCSP timeout * system property. If the property has not been set, or if its @@ -99,6 +121,15 @@ public final class OCSP { return timeoutVal; } + private static boolean initializeBoolean(String prop, String def) { + String flag = GetPropertyAction.privilegedGetProperty(prop, def); + boolean value = Boolean.parseBoolean(flag); + if (debug != null) { + debug.println(prop + " set to " + value); + } + return value; + } + private OCSP() {} /** @@ -186,7 +217,7 @@ public final class OCSP { encodedGetReq.append(URLEncoder.encode( Base64.getEncoder().encodeToString(bytes), UTF_8)); - if (encodedGetReq.length() <= 255) { + if (USE_GET && encodedGetReq.length() <= 255) { url = new URI(encodedGetReq.toString()).toURL(); con = (HttpURLConnection)url.openConnection(); con.setConnectTimeout(CONNECT_TIMEOUT); diff --git a/test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java b/test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java index f8e1ae751b6..85a2fd77fa6 100644 --- a/test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java +++ b/test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /** * @test - * @bug 8179503 + * @bug 8179503 8328638 * @summary Java should support GET OCSP calls * @library /javax/net/ssl/templates /java/security/testlibrary * @build SimpleOCSPServer @@ -31,6 +31,7 @@ * java.base/sun.security.provider.certpath * java.base/sun.security.x509 * @run main/othervm GetAndPostTests + * @run main/othervm -Dcom.sun.security.ocsp.useget=false GetAndPostTests */ import java.io.ByteArrayInputStream; diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java index c1a0d782cb7..0b832366286 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -30,6 +30,9 @@ * @run main/othervm -Djava.security.debug=certpath,ocsp * CAInterop actalisauthenticationrootca OCSP * @run main/othervm/timeout=180 -Djava.security.debug=certpath,ocsp + * -Dcom.sun.security.ocsp.useget=false + * CAInterop actalisauthenticationrootca OCSP + * @run main/othervm/timeout=180 -Djava.security.debug=certpath,ocsp * CAInterop actalisauthenticationrootca CRL */ @@ -40,6 +43,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop amazonrootca1 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop amazonrootca1 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop amazonrootca1 CRL */ @@ -50,6 +54,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop amazonrootca2 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop amazonrootca2 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop amazonrootca2 CRL */ @@ -60,6 +65,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop amazonrootca3 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop amazonrootca3 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop amazonrootca3 CRL */ @@ -70,6 +76,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop amazonrootca4 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop amazonrootca4 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop amazonrootca4 CRL */ @@ -80,6 +87,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop buypassclass2ca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop buypassclass2ca OCSP * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop buypassclass2ca CRL */ @@ -90,6 +98,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop buypassclass3ca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop buypassclass3ca OCSP * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop buypassclass3ca CRL */ @@ -100,6 +109,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop comodorsaca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop comodorsaca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop comodorsaca CRL */ @@ -110,6 +120,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop comodoeccca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop comodoeccca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop comodoeccca CRL */ @@ -120,6 +131,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop usertrustrsaca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop usertrustrsaca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop usertrustrsaca CRL */ @@ -130,6 +142,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop usertrusteccca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop usertrusteccca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop usertrusteccca CRL */ @@ -140,6 +153,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop letsencryptisrgx1 DEFAULT + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop letsencryptisrgx1 DEFAULT */ /* @@ -149,6 +163,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop letsencryptisrgx2 DEFAULT + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop letsencryptisrgx2 DEFAULT */ /* @@ -158,6 +173,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop globalsignrootcar6 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop globalsignrootcar6 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop globalsignrootcar6 CRL */ @@ -168,6 +184,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop entrustrootcaec1 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop entrustrootcaec1 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop entrustrootcaec1 CRL */ @@ -178,6 +195,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop entrustrootcag4 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop entrustrootcag4 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop entrustrootcag4 CRL */ @@ -188,6 +206,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop godaddyrootg2ca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop godaddyrootg2ca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop godaddyrootg2ca CRL */ @@ -198,6 +217,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop starfieldrootg2ca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop starfieldrootg2ca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop starfieldrootg2ca CRL */ @@ -208,6 +228,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop globalsigneccrootcar4 DEFAULT + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop globalsigneccrootcar4 DEFAULT */ /* @@ -217,6 +238,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop gtsrootcar1 DEFAULT + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop gtsrootcar1 DEFAULT */ /* @@ -226,6 +248,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop gtsrootcar2 DEFAULT + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop gtsrootcar2 DEFAULT */ /* @@ -235,6 +258,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop gtsrootecccar3 DEFAULT + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop gtsrootecccar3 DEFAULT */ /* @@ -243,6 +267,7 @@ * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop gtsrootecccar4 DEFAULT * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop gtsrootecccar4 DEFAULT */ @@ -253,6 +278,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop microsoftecc2017 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop microsoftecc2017 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop microsoftecc2017 CRL */ @@ -263,6 +289,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop microsoftrsa2017 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop microsoftrsa2017 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop microsoftrsa2017 CRL */ @@ -273,6 +300,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop quovadisrootca1g3 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop quovadisrootca1g3 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop quovadisrootca1g3 CRL */ @@ -283,6 +311,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop quovadisrootca2g3 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop quovadisrootca2g3 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop quovadisrootca2g3 CRL */ @@ -293,6 +322,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop quovadisrootca3g3 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop quovadisrootca3g3 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop quovadisrootca3g3 CRL */ @@ -303,6 +333,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop digicerttlseccrootg5 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop digicerttlseccrootg5 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop digicerttlseccrootg5 CRL */ @@ -313,6 +344,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop digicerttlsrsarootg5 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop digicerttlsrsarootg5 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop digicerttlsrsarootg5 CRL */ @@ -323,6 +355,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop sslrootrsaca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop sslrootrsaca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop sslrootrsaca CRL */ @@ -333,6 +366,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop sslrootevrsaca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop sslrootevrsaca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop sslrootevrsaca CRL */ @@ -343,6 +377,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop sslrooteccca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop sslrooteccca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop sslrooteccca CRL */ @@ -353,6 +388,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop teliasonerarootcav1 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop teliasonerarootcav1 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop teliasonerarootcav1 CRL */ @@ -363,6 +399,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop twcaglobalrootca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop twcaglobalrootca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop twcaglobalrootca CRL */ @@ -373,6 +410,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop certignarootca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop certignarootca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop certignarootca CRL */ @@ -383,6 +421,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop affirmtrustcommercialca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop affirmtrustcommercialca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop affirmtrustcommercialca CRL */ @@ -393,6 +432,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop affirmtrustnetworkingca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop affirmtrustnetworkingca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop affirmtrustnetworkingca CRL */ @@ -403,6 +443,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop affirmtrustpremiumca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop affirmtrustpremiumca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop affirmtrustpremiumca CRL */ @@ -413,6 +454,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop affirmtrustpremiumeccca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop affirmtrustpremiumeccca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop affirmtrustpremiumeccca CRL */ @@ -423,6 +465,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop teliarootcav2 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop teliarootcav2 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop teliarootcav2 CRL */ @@ -433,6 +476,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop emsignrootcag1 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop emsignrootcag1 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop emsignrootcag1 CRL */ @@ -443,6 +487,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop emsigneccrootcag3 OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop emsigneccrootcag3 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop emsigneccrootcag3 CRL */ @@ -453,6 +498,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop certainlyrootr1 DEFAULT + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop certainlyrootr1 DEFAULT */ /* @@ -462,6 +508,7 @@ * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop certainlyroote1 DEFAULT + * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop certainlyroote1 DEFAULT */ /**