In J2SE v 1.5, the revocation status of a public key certificate can be checked by means of OCSP (RFC 2560). The certificate being checked may be pre-configured to use a particular OCSP Responder. The responder is identified by a URL in the certificate's AuthorityInfoAccess (AIA) extension. That AIA extension is currently being ignored. The result is that pre-configured certificates cannot be checked correctly.
|