1. Set up a trusted organizational-level certificate issued right under the
trusted anchor in the certificate chain
2. Send a message to the address, causing trust validation to occur
3. TrustChainValidator will attempt to resolve intermediate certificates even
though there are not any (in my use case there is also an attempt to resolve
via a non-responsive public LDAP server, which causes a long delay before it
times out)
4. When the non-existent intermediate certificate is not located, the trust is
successfully validated using the anchor certificate

This is in the Java RI on a Red Hat Linux server.
This is not a high priority issue, since the trust is still successfully
established; however, performance could be negatively impacted if the
certificate that the RI is attempting to resolve is not being hosted via DNS or
LDAP, as there is a minimum timeout period that will have to elapse before
continuing on.
It is suggested that an extra check in TrustChainValidator.java under the
resolveIssuers method also check if the certificate issuer is present in the
anchors in order to avoid the extra check for an intermediate certificate via
DNS or PublicLDAP if it is not necessary to do so.
Original issue reported on code.google.com by atbe...@gmail.com on 1 Aug 2014 at 5:43
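
The check suggested in the report, sketched as an added example (not code from the Java RI; the class and method names are hypothetical, and the JDK default trust store stands in for the configured anchors). It matches the issuer name against the anchors and also verifies the signature, so that an anchor with the same DN but a different key does not suppress the lookup:

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added illustration, not the Java RI's TrustChainValidator. All names are hypothetical.
public class AnchorShortCircuit {

    // True when some anchor is named as cert's issuer AND its key verifies cert's signature.
    static boolean issuedByAnchor(X509Certificate cert, Collection<X509Certificate> anchors) {
        for (X509Certificate anchor : anchors) {
            // Cheap DN comparison first; skip anchors with a different subject.
            if (!cert.getIssuerX500Principal().equals(anchor.getSubjectX500Principal())) {
                continue;
            }
            try {
                // A DN match alone proves nothing: require the anchor's key to verify the signature.
                cert.verify(anchor.getPublicKey());
                return true;
            } catch (GeneralSecurityException e) {
                // Same DN but a different key: try the remaining anchors.
            }
        }
        return false;
    }

    // Stand-in for the decision inside resolveIssuers: query DNS/LDAP only when no anchor issued cert.
    static boolean needsRemoteIssuerLookup(X509Certificate cert, Collection<X509Certificate> anchors) {
        return !issuedByAnchor(cert, anchors);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the JDK default trust store stands in for the configured anchors,
        // and a root certificate taken from it stands in for a certificate issued by an anchor.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate[] roots = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        if (roots.length == 0) { System.out.println("no default anchors available"); return; }
        X509Certificate cert = roots[0];
        System.out.println("anchors configured -> remote lookup needed: "
                + needsRemoteIssuerLookup(cert, Arrays.asList(roots)));
        System.out.println("no anchors         -> remote lookup needed: "
                + needsRemoteIssuerLookup(cert, Collections.<X509Certificate>emptyList()));
    }
}
```

The check only decides whether the DNS/LDAP lookup can be skipped; the normal path validation against the anchor (validity period, constraints, revocation where configured) still has to run afterwards.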