diff --git a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
index 05146c8e5d65bc8e15efb241586e8d082a92270e..7918a641b7eaf2b9c67fd3259157bfd723b54beb 100644
--- a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
@@ -102,7 +102,7 @@ class OCSPChecker extends PKIXCertPathChecker {
      */
     public void init(boolean forward) throws CertPathValidatorException {
         if (!forward) {
-            remainingCerts = certs.length;
+            remainingCerts = certs.length + 1;
         } else {
             throw new CertPathValidatorException(
                 "Forward checking not supported");
@@ -131,14 +131,22 @@ class OCSPChecker extends PKIXCertPathChecker {
 
         InputStream in = null;
         OutputStream out = null;
+
+        // Decrement the certificate counter
+        remainingCerts--;
+
         try {
-            // Examine OCSP properties
             X509Certificate responderCert = null;
             boolean seekResponderCert = false;
             X500Principal responderSubjectName = null;
             X500Principal responderIssuerName = null;
             BigInteger responderSerialNumber = null;
 
+            boolean seekIssuerCert = true;
+            X509CertImpl issuerCertImpl = null;
+            X509CertImpl currCertImpl =
+                X509CertImpl.toImpl((X509Certificate)cert);
+
             /*
              * OCSP security property values, in the following order:
              *   1. ocsp.responderURL
@@ -148,6 +156,9 @@ class OCSPChecker extends PKIXCertPathChecker {
              */
             String[] properties = getOCSPProperties();
 
+            // Check whether OCSP is feasible before seeking cert information
+            URL url = getOCSPServerURL(currCertImpl, properties);
+
             // When responder's subject name is set then the issuer/serial
             // properties are ignored
             if (properties[1] != null) {
@@ -172,14 +183,9 @@ class OCSPChecker extends PKIXCertPathChecker {
                 seekResponderCert = true;
             }
 
-            boolean seekIssuerCert = true;
-            X509CertImpl issuerCertImpl = null;
-            X509CertImpl currCertImpl =
-                X509CertImpl.toImpl((X509Certificate)cert);
-            remainingCerts--;
-
-            // Set the issuer certificate
-            if (remainingCerts != 0) {
+            // Set the issuer certificate to the next cert in the chain
+            // (unless we're processing the final cert).
+            if (remainingCerts < certs.length) {
                 issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]);
                 seekIssuerCert = false; // done
 
@@ -312,7 +318,8 @@ class OCSPChecker extends PKIXCertPathChecker {
             // Construct an OCSP Request
             OCSPRequest ocspRequest =
                 new OCSPRequest(currCertImpl, issuerCertImpl);
-            URL url = getOCSPServerURL(currCertImpl, properties);
+
+            // Use the URL to the OCSP service that was created earlier
             HttpURLConnection con = (HttpURLConnection)url.openConnection();
             if (DEBUG != null) {
                 DEBUG.println("connecting to OCSP service at: " + url);
diff --git a/src/solaris/native/java/net/PlainSocketImpl.c b/src/solaris/native/java/net/PlainSocketImpl.c
index 2490dbb0b1b51c9eb913e031d6553102710f443c..3fcaa9ee5d0a25dfe28070c17cb6e8b78775c5a3 100644
--- a/src/solaris/native/java/net/PlainSocketImpl.c
+++ b/src/solaris/native/java/net/PlainSocketImpl.c
@@ -358,15 +358,28 @@ Java_java_net_PlainSocketImpl_socketConnect(JNIEnv *env, jobject this,
              * See 6343810.
              */
             while (1) {
-                fd_set wr, ex;
+#ifndef USE_SELECT
+                {
+fprintf(stdout,"\nNATIVE: fd = %d] ", fd);
+                    struct pollfd pfd;
+                    pfd.fd = fd;
+                    pfd.events = POLLOUT;
 
-                FD_ZERO(&wr);
-                FD_SET(fd, &wr);
-                FD_ZERO(&ex);
-                FD_SET(fd, &ex);
+                    connect_rv = NET_Poll(&pfd, 1, -1);
+                }
+#else
+                {
+                    fd_set wr, ex;
+
+                    FD_ZERO(&wr);
+                    FD_SET(fd, &wr);
+                    FD_ZERO(&ex);
+                    FD_SET(fd, &ex);
+
+                    connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
+                }
+#endif
 
-                errno = 0;
-                connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
                 if (connect_rv == JVM_IO_ERR) {
                     if (errno == EINTR) {
                         continue;
diff --git a/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java b/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java
index e102606b4d14d4b98801e6cbae077f5cf6dd0a90..5b1e6de3737dd55519d6c33326b5ae92ac4590b2 100644
--- a/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java
+++ b/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java
@@ -2,32 +2,22 @@
  * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
- * This code is free software; you can redistribute it and/or modi
-fy it
- * under the terms of the GNU General Public License version 2 onl
-y, as
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.
  *
- * This code is distributed in the hope that it will be useful, bu
-t WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABIL
-ITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public L
-icense
- * version 2 for more details (a copy is included in the LICENSE f
-ile that
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *
- * You should have received a copy of the GNU General Public Licen
-se version
- * 2 along with this work; if not, write to the Free Software Foun
-dation,
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, San
-ta Clara,
- * CA 95054 USA or visit www.sun.com if you need additional inform
-ation or
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
  * have any questions.
  */
 
diff --git a/test/sun/security/tools/keytool/autotest.sh b/test/sun/security/tools/keytool/autotest.sh
index 5376b257a4ed21e3bcb27a7f53c6f211b8ede352..04c00c14ebfe9484e69f44795e1c60352da4387a 100644
--- a/test/sun/security/tools/keytool/autotest.sh
+++ b/test/sun/security/tools/keytool/autotest.sh
@@ -1,5 +1,5 @@
 #
-# Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2006-2008 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -90,7 +90,8 @@ chmod u+w cert8.db
 
 echo | ${TESTJAVA}${FS}bin${FS}java -Dfile -Dnss \
    -Dnss.lib=${NSS}${FS}lib${FS}${PF}${FS}${LIBNAME} \
-   KeyToolTest || exit 12
+   KeyToolTest
+status=$?
 
 rm -f p11-nss.txt
 rm -f cert8.db
@@ -101,4 +102,5 @@ rm HumanInputStream*.class
 rm KeyToolTest.class
 rm TestException.class 
 
-exit $?
+exit $status
+