JDK-6854712 : Revocation checking enhancements (JEP-124)
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2009-06-24
  • Updated: 2017-12-21
  • Resolved: 2012-06-12
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 Other
8 b43Fixed openjdk7uFixed
Related Reports
Relates :  
Relates :  
Relates :  
Relates :  
This is an umbrella CR of various revocation checking enhancements. Some are deployment related. Separate CRs should be spun off as they are addressed. More enhancements may be added to this list.

1) Add an API for just checking if a certificate is revoked. 

Currently you must validate a chain of certificates using a PKIX CertPathValidator to check if the certs have been revoked. This is signficant overhead, when all you want to check is if a certificate is revoked, which is a useful thing to do as a periodic check or when the revocation information becomes stale (ex: CRL is expired). 

The API should return revocation information (CRLs, OCSP Responses) so that they can be cached by an implementation.

2) Add more deployment revocation checking properties

Currently, revocation checking is either enabled or disabled. It would be useful to have the following suboptions if revocation is enabled:

 a) check revocation of end-entity cert only
 b) allow revocation check to pass if network problem prevents checking of status
The enhancements in this RFE have been posted to OpenJDK as JEP-124: 


This is a JDk 8 EFP. Tests dev is complete. Issues seen are tracked as seperate bugs. Hence marking this as verified

EVALUATION The revocation enhancements discussed in this CR are being specified and implemented as part of JEP-124.