IZ68668: MODIFICATIONS TO THE CERTPATH OCSPCHECKER CLASS FOR SUN BUG 6864 911

APAR status

• Closed as program error.

Error description

• Error Message: To the best of my knowledge, this bug has not
  been experienced by a customer.  This concern was raised
  by Sun Bug 6864911.
  .
  Stack Trace: N/A
  .
  

Local fix

Problem summary

• The fix for this sun security bulletin has changes to
  sun.security.provider.certpath.OCSPChecker as described below.
  ---
  old/src/share/classes/sun/security/provider/certpath/OCSPChecker
  .java Wed Aug  5 01:59:07 2009
  +++
  new/src/share/classes/sun/security/provider/certpath/OCSPChecker
  .java Wed Aug  5 01:59:07 2009
  @@ -18,6 +18,7 @@
   import java.net.*;
   import javax.security.auth.x500.X500Principal;
  
  +import sun.misc.IOUtils;
   import sun.security.util.*;
   import sun.security.x509.*;
  
  @@ -347,18 +348,8 @@
        InputStream in = con.getInputStream();
  
        int contentLength = con.getContentLength();
  -     if (contentLength == -1) {
  -  contentLength = Integer.MAX_VALUE;
  -     }
  +     byte<OSB><CSB> response = IOUtils.readFully(in,
  contentLength, false);
  
  -     byte<OSB><CSB> response = new byte<OSB>contentLength<CSB>;
  -     int total = 0;
  -     int count = 0;
  -     while (count != -1 && total < contentLength) {
  -         count = in.read(response, total, response.length -
  total);
  -         total += count;
  -     }
  -
        // clean-up
        in.close();
        out.close();
  

Problem conclusion

• This defect will be fixed in:
  5.0.0 SR11 FP1
  6.0.0 SR7
  .
  Refer to the Sun bug fix above.
  .
  To obtain the fix:
  Install build 20091120 or later
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  IZ68669

Fix information

• Fixed component name

  JAVA 5 SECURITY

• Fixed component ID

  620500125

Applicable component levels

• R500 PSN

     UP