diff --git a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java index 05146c8e5d65bc8e15efb241586e8d082a92270e..7918a641b7eaf2b9c67fd3259157bfd723b54beb 100644 --- a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java +++ b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java @@ -102,7 +102,7 @@ class OCSPChecker extends PKIXCertPathChecker { */ public void init(boolean forward) throws CertPathValidatorException { if (!forward) { - remainingCerts = certs.length; + remainingCerts = certs.length + 1; } else { throw new CertPathValidatorException( "Forward checking not supported"); @@ -131,14 +131,22 @@ class OCSPChecker extends PKIXCertPathChecker { InputStream in = null; OutputStream out = null; + + // Decrement the certificate counter + remainingCerts--; + try { - // Examine OCSP properties X509Certificate responderCert = null; boolean seekResponderCert = false; X500Principal responderSubjectName = null; X500Principal responderIssuerName = null; BigInteger responderSerialNumber = null; + boolean seekIssuerCert = true; + X509CertImpl issuerCertImpl = null; + X509CertImpl currCertImpl = + X509CertImpl.toImpl((X509Certificate)cert); + /* * OCSP security property values, in the following order: * 1. ocsp.responderURL @@ -148,6 +156,9 @@ class OCSPChecker extends PKIXCertPathChecker { */ String[] properties = getOCSPProperties(); + // Check whether OCSP is feasible before seeking cert information + URL url = getOCSPServerURL(currCertImpl, properties); + // When responder's subject name is set then the issuer/serial // properties are ignored if (properties[1] != null) { @@ -172,14 +183,9 @@ class OCSPChecker extends PKIXCertPathChecker { seekResponderCert = true; } - boolean seekIssuerCert = true; - X509CertImpl issuerCertImpl = null; - X509CertImpl currCertImpl = - X509CertImpl.toImpl((X509Certificate)cert); - remainingCerts--; - - // Set the issuer certificate - if (remainingCerts != 0) { + // Set the issuer certificate to the next cert in the chain + // (unless we're processing the final cert). + if (remainingCerts < certs.length) { issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]); seekIssuerCert = false; // done @@ -312,7 +318,8 @@ class OCSPChecker extends PKIXCertPathChecker { // Construct an OCSP Request OCSPRequest ocspRequest = new OCSPRequest(currCertImpl, issuerCertImpl); - URL url = getOCSPServerURL(currCertImpl, properties); + + // Use the URL to the OCSP service that was created earlier HttpURLConnection con = (HttpURLConnection)url.openConnection(); if (DEBUG != null) { DEBUG.println("connecting to OCSP service at: " + url); diff --git a/src/solaris/native/java/net/PlainSocketImpl.c b/src/solaris/native/java/net/PlainSocketImpl.c index 2490dbb0b1b51c9eb913e031d6553102710f443c..3fcaa9ee5d0a25dfe28070c17cb6e8b78775c5a3 100644 --- a/src/solaris/native/java/net/PlainSocketImpl.c +++ b/src/solaris/native/java/net/PlainSocketImpl.c @@ -358,15 +358,28 @@ Java_java_net_PlainSocketImpl_socketConnect(JNIEnv *env, jobject this, * See 6343810. */ while (1) { - fd_set wr, ex; +#ifndef USE_SELECT + { +fprintf(stdout,"\nNATIVE: fd = %d] ", fd); + struct pollfd pfd; + pfd.fd = fd; + pfd.events = POLLOUT; - FD_ZERO(&wr); - FD_SET(fd, &wr); - FD_ZERO(&ex); - FD_SET(fd, &ex); + connect_rv = NET_Poll(&pfd, 1, -1); + } +#else + { + fd_set wr, ex; + + FD_ZERO(&wr); + FD_SET(fd, &wr); + FD_ZERO(&ex); + FD_SET(fd, &ex); + + connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0); + } +#endif - errno = 0; - connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0); if (connect_rv == JVM_IO_ERR) { if (errno == EINTR) { continue;