Diffstat (limited to 'java/openjdk6/files/icedtea/openjdk/8004188-rename_java.security.patch')
-rw-r--r-- | java/openjdk6/files/icedtea/openjdk/8004188-rename_java.security.patch | 652 |
1 files changed, 652 insertions, 0 deletions
diff --git a/java/openjdk6/files/icedtea/openjdk/8004188-rename_java.security.patch b/java/openjdk6/files/icedtea/openjdk/8004188-rename_java.security.patch
new file mode 100644
index 000000000000..10209ee5ecd3
--- /dev/null
+++ b/java/openjdk6/files/icedtea/openjdk/8004188-rename_java.security.patch
@@ -0,0 +1,652 @@
+# HG changeset patch
+# User juh
+# Date 1382736906 -3600
+# Fri Oct 25 22:35:06 2013 +0100
+# Node ID 2a023db33371ce5ee42134cf0d860ab9f0adff92
+# Parent 3b6f55f02122398ba662fb581352c9c9b102c2e3
+8004188: Rename src/share/lib/security/java.security to java.security-linux
+Reviewed-by: mullan, mchung
+
+diff -r 3b6f55f02122 -r 2a023db33371 make/java/security/Makefile
+--- jdk/make/java/security/Makefile Fri Jul 12 11:36:15 2013 +0100
++++ jdk/make/java/security/Makefile Fri Oct 25 22:35:06 2013 +0100
+@@ -37,7 +37,8 @@
+ # Directories
+ #
+
+-PROPS_SRC = $(TOPDIR)/src/share/lib/security/java.security
++# The default security properties file is for linux
++PROPS_SRC = $(TOPDIR)/src/share/lib/security/java.security-linux
+ SUNPKCS11 =
+
+ ifeq ($(PLATFORM), solaris)
+diff -r 3b6f55f02122 -r 2a023db33371 src/share/lib/security/java.security
+--- jdk/src/share/lib/security/java.security Fri Jul 12 11:36:15 2013 +0100
++++ /dev/null Thu Jan 01 00:00:00 1970 +0000
+@@ -1,311 +0,0 @@
+-#
+-# This is the "master security properties file".
+-#
+-# In this file, various security properties are set for use by
+-# java.security classes. This is where users can statically register
+-# Cryptography Package Providers ("providers" for short). The term
+-# "provider" refers to a package or set of packages that supply a
+-# concrete implementation of a subset of the cryptography aspects of
+-# the Java Security API. A provider may, for example, implement one or
+-# more digital signature algorithms or message digest algorithms.
+-#
+-# Each provider must implement a subclass of the Provider class.
+-# To register a provider in this master security properties file,
+-# specify the Provider subclass name and priority in the format
+-#
+-# security.provider.<n>=<className>
+-#
+-# This declares a provider, and specifies its preference
+-# order n. The preference order is the order in which providers are
+-# searched for requested algorithms (when no specific provider is
+-# requested). The order is 1-based; 1 is the most preferred, followed
+-# by 2, and so on.
+-#
+-# <className> must specify the subclass of the Provider class whose
+-# constructor sets the values of various properties that are required
+-# for the Java Security API to look up the algorithms or other
+-# facilities implemented by the provider.
+-#
+-# There must be at least one provider specification in java.security.
+-# There is a default provider that comes standard with the JDK. It
+-# is called the "SUN" provider, and its Provider subclass
+-# named Sun appears in the sun.security.provider package. Thus, the
+-# "SUN" provider is registered via the following:
+-#
+-# security.provider.1=sun.security.provider.Sun
+-#
+-# (The number 1 is used for the default provider.)
+-#
+-# Note: Providers can be dynamically registered instead by calls to
+-# either the addProvider or insertProviderAt method in the Security
+-# class.
+-
+-#
+-# List of providers and their preference orders (see above):
+-#
+-security.provider.1=sun.security.provider.Sun
+-security.provider.2=sun.security.rsa.SunRsaSign
+-security.provider.3=com.sun.net.ssl.internal.ssl.Provider
+-security.provider.4=com.sun.crypto.provider.SunJCE
+-security.provider.5=sun.security.jgss.SunProvider
+-security.provider.6=com.sun.security.sasl.Provider
+-security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
+-security.provider.8=sun.security.smartcardio.SunPCSC
+-
+-#
+-# Select the source of seed data for SecureRandom. By default an
+-# attempt is made to use the entropy gathering device specified by
+-# the securerandom.source property. If an exception occurs when
+-# accessing the URL then the traditional system/thread activity
+-# algorithm is used.
+-#
+-# On Solaris and Linux systems, if file:/dev/urandom is specified and it
+-# exists, a special SecureRandom implementation is activated by default.
+-# This "NativePRNG" reads random bytes directly from /dev/urandom.
+-#
+-# On Windows systems, the URLs file:/dev/random and file:/dev/urandom
+-# enables use of the Microsoft CryptoAPI seed functionality.
+-#
+-securerandom.source=file:/dev/urandom
+-#
+-# The entropy gathering device is described as a URL and can also
+-# be specified with the system property "java.security.egd". For example,
+-# -Djava.security.egd=file:/dev/urandom
+-# Specifying this system property will override the securerandom.source
+-# setting.
+-
+-#
+-# Class to instantiate as the javax.security.auth.login.Configuration
+-# provider.
+-#
+-login.configuration.provider=com.sun.security.auth.login.ConfigFile
+-
+-#
+-# Default login configuration file
+-#
+-#login.config.url.1=file:${user.home}/.java.login.config
+-
+-#
+-# Class to instantiate as the system Policy. This is the name of the class
+-# that will be used as the Policy object.
+-#
+-policy.provider=sun.security.provider.PolicyFile
+-
+-# The default is to have a single system-wide policy file,
+-# and a policy file in the user's home directory.
+-policy.url.1=file:${java.home}/lib/security/java.policy
+-policy.url.2=file:${user.home}/.java.policy
+-
+-# whether or not we expand properties in the policy file
+-# if this is set to false, properties (${...}) will not be expanded in policy
+-# files.
+-policy.expandProperties=true
+-
+-# whether or not we allow an extra policy to be passed on the command line
+-# with -Djava.security.policy=somefile. Comment out this line to disable
+-# this feature.
+-policy.allowSystemProperty=true
+-
+-# whether or not we look into the IdentityScope for trusted Identities
+-# when encountering a 1.1 signed JAR file. If the identity is found
+-# and is trusted, we grant it AllPermission.
+-policy.ignoreIdentityScope=false
+-
+-#
+-# Default keystore type.
+-#
+-keystore.type=jks
+-
+-#
+-# Class to instantiate as the system scope:
+-#
+-system.scope=sun.security.provider.IdentityDatabase
+-
+-#
+-# List of comma-separated packages that start with or equal this string
+-# will cause a security exception to be thrown when
+-# passed to checkPackageAccess unless the
+-# corresponding RuntimePermission ("accessClassInPackage."+package) has
+-# been granted.
+-package.access=sun.,\
+- com.sun.corba.se.impl.,\
+- com.sun.xml.internal.,\
+- com.sun.imageio.,\
+- com.sun.istack.internal.,\
+- com.sun.jmx.,\
+- com.sun.proxy.,\
+- com.sun.org.apache.bcel.internal.,\
+- com.sun.org.apache.regexp.internal.,\
+- com.sun.org.apache.xerces.internal.,\
+- com.sun.org.apache.xpath.internal.,\
+- com.sun.org.apache.xalan.internal.extensions.,\
+- com.sun.org.apache.xalan.internal.lib.,\
+- com.sun.org.apache.xalan.internal.res.,\
+- com.sun.org.apache.xalan.internal.templates.,\
+- com.sun.org.apache.xalan.internal.xslt.,\
+- com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
+- com.sun.org.apache.xalan.internal.xsltc.compiler.,\
+- com.sun.org.apache.xalan.internal.xsltc.trax.,\
+- com.sun.org.apache.xalan.internal.xsltc.util.,\
+- com.sun.org.apache.xml.internal.res.,\
+- com.sun.org.apache.xml.internal.serializer.utils.,\
+- com.sun.org.apache.xml.internal.utils.,\
+- com.sun.org.apache.xml.internal.security.,\
+- com.sun.org.glassfish.,\
+- org.jcp.xml.dsig.internal.
+-
+-#
+-# List of comma-separated packages that start with or equal this string
+-# will cause a security exception to be thrown when
+-# passed to checkPackageDefinition unless the
+-# corresponding RuntimePermission ("defineClassInPackage."+package) has
+-# been granted.
+-#
+-# by default, none of the class loaders supplied with the JDK call
+-# checkPackageDefinition.
+-#
+-package.definition=sun.,\
+- com.sun.corba.se.impl.,\
+- com.sun.xml.internal.,\
+- com.sun.imageio.,\
+- com.sun.istack.internal.,\
+- com.sun.jmx.,\
+- com.sun.proxy.,\
+- com.sun.org.apache.bcel.internal.,\
+- com.sun.org.apache.regexp.internal.,\
+- com.sun.org.apache.xerces.internal.,\
+- com.sun.org.apache.xpath.internal.,\
+- com.sun.org.apache.xalan.internal.extensions.,\
+- com.sun.org.apache.xalan.internal.lib.,\
+- com.sun.org.apache.xalan.internal.res.,\
+- com.sun.org.apache.xalan.internal.templates.,\
+- com.sun.org.apache.xalan.internal.xslt.,\
+- com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
+- com.sun.org.apache.xalan.internal.xsltc.compiler.,\
+- com.sun.org.apache.xalan.internal.xsltc.trax.,\
+- com.sun.org.apache.xalan.internal.xsltc.util.,\
+- com.sun.org.apache.xml.internal.res.,\
+- com.sun.org.apache.xml.internal.serializer.utils.,\
+- com.sun.org.apache.xml.internal.utils.,\
+- com.sun.org.apache.xml.internal.security.,\
+- com.sun.org.glassfish.,\
+- org.jcp.xml.dsig.internal.
+-
+-#
+-# Determines whether this properties file can be appended to
+-# or overridden on the command line via -Djava.security.properties
+-#
+-security.overridePropertiesFile=true
+-
+-#
+-# Determines the default key and trust manager factory algorithms for
+-# the javax.net.ssl package.
+-#
+-ssl.KeyManagerFactory.algorithm=SunX509
+-ssl.TrustManagerFactory.algorithm=PKIX
+-
+-#
+-# The Java-level namelookup cache policy for successful lookups:
+-#
+-# any negative value: caching forever
+-# any positive value: the number of seconds to cache an address for
+-# zero: do not cache
+-#
+-# default value is forever (FOREVER). For security reasons, this
+-# caching is made forever when a security manager is set. When a security
+-# manager is not set, the default behavior in this implementation
+-# is to cache for 30 seconds.
+-#
+-# NOTE: setting this to anything other than the default value can have
+-# serious security implications. Do not set it unless
+-# you are sure you are not exposed to DNS spoofing attack.
+-#
+-#networkaddress.cache.ttl=-1
+-
+-# The Java-level namelookup cache policy for failed lookups:
+-#
+-# any negative value: cache forever
+-# any positive value: the number of seconds to cache negative lookup results
+-# zero: do not cache
+-#
+-# In some Microsoft Windows networking environments that employ
+-# the WINS name service in addition to DNS, name service lookups
+-# that fail may take a noticeably long time to return (approx. 5 seconds).
+-# For this reason the default caching policy is to maintain these
+-# results for 10 seconds.
+-#
+-#
+-networkaddress.cache.negative.ttl=10
+-
+-#
+-# Properties to configure OCSP for certificate revocation checking
+-#
+-
+-# Enable OCSP
+-#
+-# By default, OCSP is not used for certificate revocation checking.
+-# This property enables the use of OCSP when set to the value "true".
+-#
+-# NOTE: SocketPermission is required to connect to an OCSP responder.
+-#
+-# Example,
+-# ocsp.enable=true
+-
+-#
+-# Location of the OCSP responder
+-#
+-# By default, the location of the OCSP responder is determined implicitly
+-# from the certificate being validated. This property explicitly specifies
+-# the location of the OCSP responder. The property is used when the
+-# Authority Information Access extension (defined in RFC 3280) is absent
+-# from the certificate or when it requires overriding.
+-#
+-# Example,
+-# ocsp.responderURL=http://ocsp.example.net:80
+-
+-#
+-# Subject name of the OCSP responder's certificate
+-#
+-# By default, the certificate of the OCSP responder is that of the issuer
+-# of the certificate being validated. This property identifies the certificate
+-# of the OCSP responder when the default does not apply. Its value is a string
+-# distinguished name (defined in RFC 2253) which identifies a certificate in
+-# the set of certificates supplied during cert path validation. In cases where
+-# the subject name alone is not sufficient to uniquely identify the certificate
+-# then both the "ocsp.responderCertIssuerName" and
+-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
+-# property is set then those two properties are ignored.
+-#
+-# Example,
+-# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
+-
+-#
+-# Issuer name of the OCSP responder's certificate
+-#
+-# By default, the certificate of the OCSP responder is that of the issuer
+-# of the certificate being validated. This property identifies the certificate
+-# of the OCSP responder when the default does not apply. Its value is a string
+-# distinguished name (defined in RFC 2253) which identifies a certificate in
+-# the set of certificates supplied during cert path validation. When this
+-# property is set then the "ocsp.responderCertSerialNumber" property must also
+-# be set. When the "ocsp.responderCertSubjectName" property is set then this
+-# property is ignored.
+-#
+-# Example,
+-# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
+-
+-#
+-# Serial number of the OCSP responder's certificate
+-#
+-# By default, the certificate of the OCSP responder is that of the issuer
+-# of the certificate being validated. This property identifies the certificate
+-# of the OCSP responder when the default does not apply. Its value is a string
+-# of hexadecimal digits (colon or space separators may be present) which
+-# identifies a certificate in the set of certificates supplied during cert path
+-# validation. When this property is set then the "ocsp.responderCertIssuerName"
+-# property must also be set. When the "ocsp.responderCertSubjectName" property
+-# is set then this property is ignored.
+-#
+-# Example,
+-# ocsp.responderCertSerialNumber=2A:FF:00
+-
+diff -r 3b6f55f02122 -r 2a023db33371 src/share/lib/security/java.security-linux
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ jdk/src/share/lib/security/java.security-linux Fri Oct 25 22:35:06 2013 +0100
+@@ -0,0 +1,311 @@
++#
++# This is the "master security properties file".
++#
++# In this file, various security properties are set for use by
++# java.security classes. This is where users can statically register
++# Cryptography Package Providers ("providers" for short). The term
++# "provider" refers to a package or set of packages that supply a
++# concrete implementation of a subset of the cryptography aspects of
++# the Java Security API. A provider may, for example, implement one or
++# more digital signature algorithms or message digest algorithms.
++#
++# Each provider must implement a subclass of the Provider class.
++# To register a provider in this master security properties file,
++# specify the Provider subclass name and priority in the format
++#
++# security.provider.<n>=<className>
++#
++# This declares a provider, and specifies its preference
++# order n. The preference order is the order in which providers are
++# searched for requested algorithms (when no specific provider is
++# requested). The order is 1-based; 1 is the most preferred, followed
++# by 2, and so on.
++#
++# <className> must specify the subclass of the Provider class whose
++# constructor sets the values of various properties that are required
++# for the Java Security API to look up the algorithms or other
++# facilities implemented by the provider.
++#
++# There must be at least one provider specification in java.security.
++# There is a default provider that comes standard with the JDK. It
++# is called the "SUN" provider, and its Provider subclass
++# named Sun appears in the sun.security.provider package. Thus, the
++# "SUN" provider is registered via the following:
++#
++# security.provider.1=sun.security.provider.Sun
++#
++# (The number 1 is used for the default provider.)
++#
++# Note: Providers can be dynamically registered instead by calls to
++# either the addProvider or insertProviderAt method in the Security
++# class.
++
++#
++# List of providers and their preference orders (see above):
++#
++security.provider.1=sun.security.provider.Sun
++security.provider.2=sun.security.rsa.SunRsaSign
++security.provider.3=com.sun.net.ssl.internal.ssl.Provider
++security.provider.4=com.sun.crypto.provider.SunJCE
++security.provider.5=sun.security.jgss.SunProvider
++security.provider.6=com.sun.security.sasl.Provider
++security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
++security.provider.8=sun.security.smartcardio.SunPCSC
++
++#
++# Select the source of seed data for SecureRandom. By default an
++# attempt is made to use the entropy gathering device specified by
++# the securerandom.source property. If an exception occurs when
++# accessing the URL then the traditional system/thread activity
++# algorithm is used.
++#
++# On Solaris and Linux systems, if file:/dev/urandom is specified and it
++# exists, a special SecureRandom implementation is activated by default.
++# This "NativePRNG" reads random bytes directly from /dev/urandom.
++#
++# On Windows systems, the URLs file:/dev/random and file:/dev/urandom
++# enables use of the Microsoft CryptoAPI seed functionality.
++#
++securerandom.source=file:/dev/urandom
++#
++# The entropy gathering device is described as a URL and can also
++# be specified with the system property "java.security.egd". For example,
++# -Djava.security.egd=file:/dev/urandom
++# Specifying this system property will override the securerandom.source
++# setting.
++
++#
++# Class to instantiate as the javax.security.auth.login.Configuration
++# provider.
++#
++login.configuration.provider=com.sun.security.auth.login.ConfigFile
++
++#
++# Default login configuration file
++#
++#login.config.url.1=file:${user.home}/.java.login.config
++
++#
++# Class to instantiate as the system Policy. This is the name of the class
++# that will be used as the Policy object.
++#
++policy.provider=sun.security.provider.PolicyFile
++
++# The default is to have a single system-wide policy file,
++# and a policy file in the user's home directory.
++policy.url.1=file:${java.home}/lib/security/java.policy
++policy.url.2=file:${user.home}/.java.policy
++
++# whether or not we expand properties in the policy file
++# if this is set to false, properties (${...}) will not be expanded in policy
++# files.
++policy.expandProperties=true
++
++# whether or not we allow an extra policy to be passed on the command line
++# with -Djava.security.policy=somefile. Comment out this line to disable
++# this feature.
++policy.allowSystemProperty=true
++
++# whether or not we look into the IdentityScope for trusted Identities
++# when encountering a 1.1 signed JAR file. If the identity is found
++# and is trusted, we grant it AllPermission.
++policy.ignoreIdentityScope=false
++
++#
++# Default keystore type.
++#
++keystore.type=jks
++
++#
++# Class to instantiate as the system scope:
++#
++system.scope=sun.security.provider.IdentityDatabase
++
++#
++# List of comma-separated packages that start with or equal this string
++# will cause a security exception to be thrown when
++# passed to checkPackageAccess unless the
++# corresponding RuntimePermission ("accessClassInPackage."+package) has
++# been granted.
++package.access=sun.,\
++ com.sun.corba.se.impl.,\
++ com.sun.xml.internal.,\
++ com.sun.imageio.,\
++ com.sun.istack.internal.,\
++ com.sun.jmx.,\
++ com.sun.proxy.,\
++ com.sun.org.apache.bcel.internal.,\
++ com.sun.org.apache.regexp.internal.,\
++ com.sun.org.apache.xerces.internal.,\
++ com.sun.org.apache.xpath.internal.,\
++ com.sun.org.apache.xalan.internal.extensions.,\
++ com.sun.org.apache.xalan.internal.lib.,\
++ com.sun.org.apache.xalan.internal.res.,\
++ com.sun.org.apache.xalan.internal.templates.,\
++ com.sun.org.apache.xalan.internal.xslt.,\
++ com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
++ com.sun.org.apache.xalan.internal.xsltc.compiler.,\
++ com.sun.org.apache.xalan.internal.xsltc.trax.,\
++ com.sun.org.apache.xalan.internal.xsltc.util.,\
++ com.sun.org.apache.xml.internal.res.,\
++ com.sun.org.apache.xml.internal.serializer.utils.,\
++ com.sun.org.apache.xml.internal.utils.,\
++ com.sun.org.apache.xml.internal.security.,\
++ com.sun.org.glassfish.,\
++ org.jcp.xml.dsig.internal.
++
++#
++# List of comma-separated packages that start with or equal this string
++# will cause a security exception to be thrown when
++# passed to checkPackageDefinition unless the
++# corresponding RuntimePermission ("defineClassInPackage."+package) has
++# been granted.
++#
++# by default, none of the class loaders supplied with the JDK call
++# checkPackageDefinition.
++#
++package.definition=sun.,\
++ com.sun.corba.se.impl.,\
++ com.sun.xml.internal.,\
++ com.sun.imageio.,\
++ com.sun.istack.internal.,\
++ com.sun.jmx.,\
++ com.sun.proxy.,\
++ com.sun.org.apache.bcel.internal.,\
++ com.sun.org.apache.regexp.internal.,\
++ com.sun.org.apache.xerces.internal.,\
++ com.sun.org.apache.xpath.internal.,\
++ com.sun.org.apache.xalan.internal.extensions.,\
++ com.sun.org.apache.xalan.internal.lib.,\
++ com.sun.org.apache.xalan.internal.res.,\
++ com.sun.org.apache.xalan.internal.templates.,\
++ com.sun.org.apache.xalan.internal.xslt.,\
++ com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
++ com.sun.org.apache.xalan.internal.xsltc.compiler.,\
++ com.sun.org.apache.xalan.internal.xsltc.trax.,\
++ com.sun.org.apache.xalan.internal.xsltc.util.,\
++ com.sun.org.apache.xml.internal.res.,\
++ com.sun.org.apache.xml.internal.serializer.utils.,\
++ com.sun.org.apache.xml.internal.utils.,\
++ com.sun.org.apache.xml.internal.security.,\
++ com.sun.org.glassfish.,\
++ org.jcp.xml.dsig.internal.
++
++#
++# Determines whether this properties file can be appended to
++# or overridden on the command line via -Djava.security.properties
++#
++security.overridePropertiesFile=true
++
++#
++# Determines the default key and trust manager factory algorithms for
++# the javax.net.ssl package.
++#
++ssl.KeyManagerFactory.algorithm=SunX509
++ssl.TrustManagerFactory.algorithm=PKIX
++
++#
++# The Java-level namelookup cache policy for successful lookups:
++#
++# any negative value: caching forever
++# any positive value: the number of seconds to cache an address for
++# zero: do not cache
++#
++# default value is forever (FOREVER). For security reasons, this
++# caching is made forever when a security manager is set. When a security
++# manager is not set, the default behavior in this implementation
++# is to cache for 30 seconds.
++#
++# NOTE: setting this to anything other than the default value can have
++# serious security implications. Do not set it unless
++# you are sure you are not exposed to DNS spoofing attack.
++#
++#networkaddress.cache.ttl=-1
++
++# The Java-level namelookup cache policy for failed lookups:
++#
++# any negative value: cache forever
++# any positive value: the number of seconds to cache negative lookup results
++# zero: do not cache
++#
++# In some Microsoft Windows networking environments that employ
++# the WINS name service in addition to DNS, name service lookups
++# that fail may take a noticeably long time to return (approx. 5 seconds).
++# For this reason the default caching policy is to maintain these
++# results for 10 seconds.
++#
++#
++networkaddress.cache.negative.ttl=10
++
++#
++# Properties to configure OCSP for certificate revocation checking
++#
++
++# Enable OCSP
++#
++# By default, OCSP is not used for certificate revocation checking.
++# This property enables the use of OCSP when set to the value "true".
++#
++# NOTE: SocketPermission is required to connect to an OCSP responder.
++#
++# Example,
++# ocsp.enable=true
++
++#
++# Location of the OCSP responder
++#
++# By default, the location of the OCSP responder is determined implicitly
++# from the certificate being validated. This property explicitly specifies
++# the location of the OCSP responder. The property is used when the
++# Authority Information Access extension (defined in RFC 3280) is absent
++# from the certificate or when it requires overriding.
++#
++# Example,
++# ocsp.responderURL=http://ocsp.example.net:80
++
++#
++# Subject name of the OCSP responder's certificate
++#
++# By default, the certificate of the OCSP responder is that of the issuer
++# of the certificate being validated. This property identifies the certificate
++# of the OCSP responder when the default does not apply. Its value is a string
++# distinguished name (defined in RFC 2253) which identifies a certificate in
++# the set of certificates supplied during cert path validation. In cases where
++# the subject name alone is not sufficient to uniquely identify the certificate
++# then both the "ocsp.responderCertIssuerName" and
++# "ocsp.responderCertSerialNumber" properties must be used instead. When this
++# property is set then those two properties are ignored.
++#
++# Example,
++# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
++
++#
++# Issuer name of the OCSP responder's certificate
++#
++# By default, the certificate of the OCSP responder is that of the issuer
++# of the certificate being validated. This property identifies the certificate
++# of the OCSP responder when the default does not apply. Its value is a string
++# distinguished name (defined in RFC 2253) which identifies a certificate in
++# the set of certificates supplied during cert path validation. When this
++# property is set then the "ocsp.responderCertSerialNumber" property must also
++# be set. When the "ocsp.responderCertSubjectName" property is set then this
++# property is ignored.
++#
++# Example,
++# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
++
++#
++# Serial number of the OCSP responder's certificate
++#
++# By default, the certificate of the OCSP responder is that of the issuer
++# of the certificate being validated. This property identifies the certificate
++# of the OCSP responder when the default does not apply. Its value is a string
++# of hexadecimal digits (colon or space separators may be present) which
++# identifies a certificate in the set of certificates supplied during cert path
++# validation. When this property is set then the "ocsp.responderCertIssuerName"
++# property must also be set. When the "ocsp.responderCertSubjectName" property
++# is set then this property is ignored.
++#
++# Example,
++# ocsp.responderCertSerialNumber=2A:FF:00
++ |