--- old/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java 2016-10-10 11:49:57.591347890 -0700 +++ new/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java 2016-10-10 11:49:57.479347894 -0700 @@ -35,6 +35,7 @@ import java.security.cert.CertPathValidatorException.BasicReason; import java.security.cert.CRLReason; import java.security.cert.Extension; +import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Collections; @@ -125,8 +126,8 @@ ("Exception while encoding OCSPRequest", e); } OCSPResponse ocspResponse = check(Collections.singletonList(certId), - responderURI, new OCSPResponse.IssuerInfo(issuerCert), null, null, - Collections.emptyList()); + responderURI, new OCSPResponse.IssuerInfo(null, issuerCert), null, + null, Collections.emptyList()); return (RevocationStatus)ocspResponse.getSingleResponse(certId); } @@ -164,6 +165,20 @@ Date date, List extensions) throws IOException, CertPathValidatorException { + return check(cert, responderURI, + new TrustAnchor(issuerCert.getSubjectX500Principal(), + issuerCert.getPublicKey(), null), + issuerCert, responderCert, date, extensions); + } + + public static RevocationStatus check(X509Certificate cert, + URI responderURI, + TrustAnchor anchor, + X509Certificate issuerCert, + X509Certificate responderCert, + Date date, List extensions) + throws IOException, CertPathValidatorException + { CertId certId = null; try { X509CertImpl certImpl = X509CertImpl.toImpl(cert); @@ -173,8 +188,8 @@ ("Exception while encoding OCSPRequest", e); } OCSPResponse ocspResponse = check(Collections.singletonList(certId), - responderURI, new OCSPResponse.IssuerInfo(issuerCert), - responderCert, date, extensions); + responderURI, new OCSPResponse.IssuerInfo(anchor, issuerCert), + responderCert, date, extensions); return (RevocationStatus) ocspResponse.getSingleResponse(certId); }