Merge

efbc70ce · wetmore · e824f1ca · fbf34fe7 · efbc70ce · efbc70ce
4 changed file
--- a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
@@ -102,7 +102,7 @@ class OCSPChecker extends PKIXCertPathChecker {
     */
    public void init(boolean forward) throws CertPathValidatorException {
        if (!forward) {
-            remainingCerts = certs.length;
+            remainingCerts = certs.length + 1;
        } else {
            throw new CertPathValidatorException(
                "Forward checking not supported");
@@ -131,14 +131,22 @@ class OCSPChecker extends PKIXCertPathChecker {
        InputStream in = null;
        OutputStream out = null;
+        // Decrement the certificate counter
+        remainingCerts--;
        try {
-            // Examine OCSP properties
            X509Certificate responderCert = null;
            boolean seekResponderCert = false;
            X500Principal responderSubjectName = null;
            X500Principal responderIssuerName = null;
            BigInteger responderSerialNumber = null;
+            boolean seekIssuerCert = true;
+            X509CertImpl issuerCertImpl = null;
+            X509CertImpl currCertImpl =
+                X509CertImpl.toImpl((X509Certificate)cert);
            /*
             * OCSP security property values, in the following order:
             *   1. ocsp.responderURL
@@ -148,6 +156,9 @@ class OCSPChecker extends PKIXCertPathChecker {
             */
            String[] properties = getOCSPProperties();
+            // Check whether OCSP is feasible before seeking cert information
+            URL url = getOCSPServerURL(currCertImpl, properties);
            // When responder's subject name is set then the issuer/serial
            // properties are ignored
            if (properties[1] != null) {
@@ -172,14 +183,9 @@ class OCSPChecker extends PKIXCertPathChecker {
                seekResponderCert = true;
            }
-            boolean seekIssuerCert = true;
+            // Set the issuer certificate to the next cert in the chain
-            X509CertImpl issuerCertImpl = null;
+            // (unless we're processing the final cert).
-            X509CertImpl currCertImpl =
+            if (remainingCerts < certs.length) {
-                X509CertImpl.toImpl((X509Certificate)cert);
-            remainingCerts--;
-            // Set the issuer certificate
-            if (remainingCerts != 0) {
                issuerCertImpl = X509CertImpl.toImpl(certs[remainingCerts]);
                seekIssuerCert = false; // done
@@ -312,7 +318,8 @@ class OCSPChecker extends PKIXCertPathChecker {
            // Construct an OCSP Request
            OCSPRequest ocspRequest =
                new OCSPRequest(currCertImpl, issuerCertImpl);
-            URL url = getOCSPServerURL(currCertImpl, properties);
+            // Use the URL to the OCSP service that was created earlier
            HttpURLConnection con = (HttpURLConnection)url.openConnection();
            if (DEBUG != null) {
                DEBUG.println("connecting to OCSP service at: " + url);

--- a/src/solaris/native/java/net/PlainSocketImpl.c
+++ b/src/solaris/native/java/net/PlainSocketImpl.c
@@ -358,15 +358,28 @@ Java_java_net_PlainSocketImpl_socketConnect(JNIEnv *env, jobject this,
             * See 6343810.
             */
            while (1) {
-                fd_set wr, ex;
+#ifndef USE_SELECT
+                {
+fprintf(stdout,"\nNATIVE: fd = %d] ", fd);
+                    struct pollfd pfd;
+                    pfd.fd = fd;
+                    pfd.events = POLLOUT;
-                FD_ZERO(&wr);
+                    connect_rv = NET_Poll(&pfd, 1, -1);
-                FD_SET(fd, &wr);
+                }
-                FD_ZERO(&ex);
+#else
-                FD_SET(fd, &ex);
+                {
+                    fd_set wr, ex;
+                    FD_ZERO(&wr);
+                    FD_SET(fd, &wr);
+                    FD_ZERO(&ex);
+                    FD_SET(fd, &ex);
+                    connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
+                }
+#endif
-                errno = 0;
-                connect_rv = NET_Select(fd+1, 0, &wr, &ex, 0);
                if (connect_rv == JVM_IO_ERR) {
                    if (errno == EINTR) {
                        continue;

--- a/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java
+++ b/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java
@@ -2,32 +2,22 @@
 * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
- * This code is free software; you can redistribute it and/or modi
+ * This code is free software; you can redistribute it and/or modify it
-fy it
+ * under the terms of the GNU General Public License version 2 only, as
- * under the terms of the GNU General Public License version 2 onl
-y, as
 * published by the Free Software Foundation.
 *
- * This code is distributed in the hope that it will be useful, bu
+ * This code is distributed in the hope that it will be useful, but WITHOUT
-t WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * ANY WARRANTY; without even the implied warranty of MERCHANTABIL
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-ITY or
+ * version 2 for more details (a copy is included in the LICENSE file that
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public L
-icense
- * version 2 for more details (a copy is included in the LICENSE f
-ile that
 * accompanied this code).
 *
- * You should have received a copy of the GNU General Public Licen
+ * You should have received a copy of the GNU General Public License version
-se version
+ * 2 along with this work; if not, write to the Free Software Foundation,
- * 2 along with this work; if not, write to the Free Software Foun
-dation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, San
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
-ta Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
- * CA 95054 USA or visit www.sun.com if you need additional inform
-ation or
 * have any questions.
 */

--- a/test/sun/security/tools/keytool/autotest.sh
+++ b/test/sun/security/tools/keytool/autotest.sh
 #
-# Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2006-2008 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -90,7 +90,8 @@ chmod u+w cert8.db
 echo | ${TESTJAVA}${FS}bin${FS}java -Dfile -Dnss \
   -Dnss.lib=${NSS}${FS}lib${FS}${PF}${FS}${LIBNAME} \
-   KeyToolTest || exit 12
+   KeyToolTest
+status=$?
 rm -f p11-nss.txt
 rm -f cert8.db
@@ -101,4 +102,5 @@ rm HumanInputStream*.class
 rm KeyToolTest.class
 rm TestException.class 
-exit $?
+exit $status