Stay organized with collections
Save and categorize content based on your preferences.
AI-generated Key Takeaways
PKIXRevocationChecker.Option is an enum defining various options for certificate revocation checking mechanisms.
Options include disabling fallback (NO_FALLBACK), checking only end-entity certificates (ONLY_END_ENTITY), preferring CRLs over OCSP (PREFER_CRLS), and allowing checks to succeed under specific soft-fail conditions (SOFT_FAIL).
Each option influences how the revocation status of certificates is determined during the validation process.
SOFT_FAIL allows for network errors or specific OCSP responder errors to be ignored but recorded as exceptions retrievable through getSoftFailExceptions.
Compares this object with the specified object for order.
Enum Values
public
static
final
PKIXRevocationChecker.Option
NO_FALLBACK
Disable the fallback mechanism.
public
static
final
PKIXRevocationChecker.Option
ONLY_END_ENTITY
Only check the revocation status of end-entity certificates.
public
static
final
PKIXRevocationChecker.Option
PREFER_CRLS
Prefer CRLs to OSCP. The default behavior is to prefer OCSP. Each
PKIX implementation should document further details of their
specific preference rules and fallback policies.
public
static
final
PKIXRevocationChecker.Option
SOFT_FAIL
Allow revocation check to succeed if the revocation status cannot be
determined for one of the following reasons:
The CRL or OCSP response cannot be obtained because of a
network error.
The OCSP responder returns one of the following errors
specified in section 2.3 of RFC 2560: internalError or tryLater.
Note that these conditions apply to both OCSP and CRLs, and unless
the NO_FALLBACK option is set, the revocation check is
allowed to succeed only if both mechanisms fail under one of the
conditions as stated above.
Exceptions that cause the network errors are ignored but can be
later retrieved by calling the
getSoftFailExceptions method.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-07-10 UTC."],[],[]]