This might be a regression. When the rule set file is signed with cert containing OCSP information, and it cannot connect to the OCSP server, it should still work as valid. Now it works as a wrong rule set file and block the applet. Steps to reproduce: 1.Dowload http://sqeweb.us.oracle.com/deployment2/sheldon/webCases/PolicyFileValidation/policy_template/policy_publicRevoked.jar and install it. 2.Disconnect from internet by unsetting proxy. 3.Launch the applet from http://sqeweb.us.oracle.com/deployment2/sheldon/webCases/PolicyFileValidation/html/hello_appletTag.html 4.If it is blocked with "Cannot Verify RuleSet", bug is reproducible. It should get launched. Also if the OCSP server is accessible, and the cert is revoked. it should come out with dialog "Certificate has been revoked". Now it is "Cannot Verify RuleSet". Attachment are the trace for OCSP server accessible and inaccessible scenarios.
|