JDK-6743745 : Revocation check for pre-trusted certificate only first time
  • Type: Bug
  • Component: deploy
  • Sub-Component: deployment_toolkit
  • Affected Version: 6u10
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2008-09-02
  • Updated: 2010-09-17
  • Resolved: 2008-10-01
Versions: 6u10 b32 (Fixed), 7 (Fixed)
This is part of the pre-trusted certificate RFE (6569795).

If the certificate is in our pre-trusted list, it will be automatically trusted and stored in the user's trusted keystore. We need to find a way to revoke it if the key is lost or for any other reason.

If revocation checking (OCSP and CRL) is not enabled by the user, we won't be able to do that, so we have to do a revocation check (OCSP and CRL) weekly, automatically, for those pre-trusted certificates.

EVALUATION We decided to do the revocation check only the first time we encounter the pre-trusted certificate, not weekly. We are going to skip the intermediate certificate revocation check for pre-trusted certificates as well (if the user didn't enable the OCSP and CRL settings using the Java Control Panel).

EVALUATION I will fix it in 6u11 b02. We will use a hard-coded jurisdiction string instead of parsing the trusted.publishers file on the user's machine; this is requested by the security team. We are going to move back to the jurisdiction file in a later release.
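
The difference between the weekly re-check proposed in the description and the first-encounter-only check chosen in the evaluation, as an added Python model that is not part of the bug record or the JDK deploy code. `PreTrustedStore`, `accept`, the lookup callback and the dates are hypothetical and constructed for illustration; the callback stands in for an OCSP/CRL query.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Dict, Optional

WEEK = timedelta(days=7)


@dataclass
class PreTrustedStore:
    """Toy model of a store of automatically trusted publisher certificates."""
    is_revoked: Callable[[str, datetime], bool]   # stand-in for an OCSP/CRL lookup
    recheck_every: Optional[timedelta] = None     # None = check on first encounter only
    last_checked: Dict[str, datetime] = field(default_factory=dict)
    lookups: int = 0

    def accept(self, cert_id: str, now: datetime) -> bool:
        last = self.last_checked.get(cert_id)
        due = last is None or (
            self.recheck_every is not None and now - last >= self.recheck_every
        )
        if due:
            self.lookups += 1
            if self.is_revoked(cert_id, now):
                # Revoked: drop it, so every later encounter is checked again.
                self.last_checked.pop(cert_id, None)
                return False
            self.last_checked[cert_id] = now
        return True


def accepted_after_revocation(store, cert_id, start, revoked_on, days):
    """One encounter per day; count those on/after revocation still accepted."""
    hits = 0
    for d in range(days):
        now = start + timedelta(days=d)
        if store.accept(cert_id, now) and now >= revoked_on:
            hits += 1
    return hits


def demo():
    # Constructed timeline: certificate first seen on day 0, revoked on day 9.
    start = datetime(2008, 9, 1)
    revoked_on = start + timedelta(days=9)
    lookup = lambda cert_id, now: now >= revoked_on
    first_only = PreTrustedStore(is_revoked=lookup)
    weekly = PreTrustedStore(is_revoked=lookup, recheck_every=WEEK)
    args = ("publisher-A", start, revoked_on, 30)
    return (accepted_after_revocation(first_only, *args),
            accepted_after_revocation(weekly, *args),
            first_only.lookups)
```

In this model the first-encounter-only store performs one lookup and keeps accepting the certificate for the rest of the 30-day window, while the weekly store stops accepting it at its next scheduled check.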