Merge

858fca83 · wetmore · 04964bc7 · 01ca872a · 858fca83 · 858fca83
2 changed file
--- a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
@@ -102,7 +102,7 @@ class OCSPChecker extends PKIXCertPathChecker {
     */
    public void init(boolean forward) throws CertPathValidatorException {
        if (!forward) {
-            remainingCerts = certs.length;
+            remainingCerts = certs.length + 1;
        } else {
            throw new CertPathValidatorException(
                "Forward checking not supported");
@@ -131,14 +131,22 @@ class OCSPChecker extends PKIXCertPathChecker {

        InputStream in = null;
        OutputStream out = null;
+
+        // Decrement the certificate counter
+        remainingCerts--;
+
        try {
-            // Examine OCSP properties
            X509Certificate responderCert = null;
            boolean seekResponderCert = false;
            X500Principal responderSubjectName = null;
            X500Principal responderIssuerName = null;
            BigInteger responderSerialNumber = null;

+            boolean seekIssuerCert = true;
+            X509CertImpl issuerCertImpl = null;
+            X509CertImpl currCertImpl =
+                X509CertImpl.toImpl((X509Certificate)cert);
+
            /*
             * OCSP security property values, in the following order:
             *   1. ocsp.responderURL
@@ -148,6 +156,9 @@ class OCSPChecker extends PKIXCertPathChecker {
             */
            String[] properties = getOCSPProperties();

+            // Check whether OCSP is feasible before seeking cert information
+            URL url = getOCSPServerURL(currCertImpl, properties);
+
            // When responder's subject name is set then the issuer/serial
            // properties are ignored
            if (properties[1] != null) {
@@ -172,14 +183,9 @@ class OCSPChecker extends PKIXCertPathChecker {
                seekResponderCert = true;
            }

-            boolean seekIssuerCert = true;
-            X509CertImpl issuerCertImpl = null;
-            X509CertImpl currCertImpl =
-                X509CertImpl.toImpl((X509Certificate)cert);
-            remainingCerts--;
-
-            // Set the issuer certificate
-            if (remainingCerts != 0) {
+            // Set the issuer certificate to the next cert in the chain
+            // (unless we're processing the final cert).
+            if (remainingCerts < certs.length) {
                issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]);
                seekIssuerCert = false; // done

@@ -312,7 +318,8 @@ class OCSPChecker extends PKIXCertPathChecker {
            // Construct an OCSP Request
            OCSPRequest ocspRequest =
                new OCSPRequest(currCertImpl, issuerCertImpl);
-            URL url = getOCSPServerURL(currCertImpl, properties);
+
+            // Use the URL to the OCSP service that was created earlier
            HttpURLConnection con = (HttpURLConnection)url.openConnection();
            if (DEBUG != null) {
                DEBUG.println("connecting to OCSP service at: " + url);

--- a/src/solaris/native/java/net/PlainSocketImpl.c
+++ b/src/solaris/native/java/net/PlainSocketImpl.c
@@ -358,15 +358,28 @@ Java_java_net_PlainSocketImpl_socketConnect(JNIEnv *env, jobject this,
             * See 6343810.
             */
            while (1) {
-                fd_set wr, ex;
+#ifndef USE_SELECT
+                {
+fprintf(stdout,"\nNATIVE: fd = %d] ", fd);
+                    struct pollfd pfd;
+                    pfd.fd = fd;
+                    pfd.events = POLLOUT;

-                FD_ZERO(&wr);
-                FD_SET(fd, &wr);
-                FD_ZERO(&ex);
-                FD_SET(fd, &ex);
+                    connect_rv = NET_Poll(&pfd, 1, -1);
+                }
+#else
+                {
+                    fd_set wr, ex;
+
+                    FD_ZERO(&wr);
+                    FD_SET(fd, &wr);
+                    FD_ZERO(&ex);
+                    FD_SET(fd, &ex);
+
+                    connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
+                }
+#endif

-                errno = 0;
-                connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
                if (connect_rv == JVM_IO_ERR) {
                    if (errno == EINTR) {
                        continue;