added use of default on CRL sign check.

dghgit · dghgit · commit f00ed63860f3 · 2024-05-01T14:20:36.000+10:00
diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/prov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
@@ -560,7 +560,7 @@ protected static Set processCRLF(
    
             if (keyUsage == null)
             {
-                if (Properties.isOverrideSet("org.bouncycastle.x509.allow_ca_without_crl_sign"))
+                if (Properties.isOverrideSet("org.bouncycastle.x509.allow_ca_without_crl_sign", true))
                 {
                     checkKeys.add(validKeys.get(i));
                 }
@@ -1448,18 +1448,16 @@ protected static void processCertA(
         {
             throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
         }
-        System.err.println(cert.getIssuerX500Principal());
-        System.err.println(cert.getSubjectX500Principal());
+
         //
         // (a) (3)
         //
         if (revocationChecker != null)
         {
             revocationChecker.initialize(new PKIXCertRevocationCheckerParameters(paramsPKIX, validCertDate, certPath,
                 index, sign, workingPublicKey));
-            System.err.println("in revocation");
+
             revocationChecker.check(cert);
-            System.err.println("leaving revocation");
         }
 
         //

Original file line number	Diff line number	Diff line change
`@@ -560,7 +560,7 @@ protected static Set processCRLF(`
`560`	`560`
`561`	`561`	`if (keyUsage == null)`
`562`	`562`	`{`
`563`		`- if (Properties.isOverrideSet("org.bouncycastle.x509.allow_ca_without_crl_sign"))`
	`563`	`+ if (Properties.isOverrideSet("org.bouncycastle.x509.allow_ca_without_crl_sign", true))`
`564`	`564`	`{`
`565`	`565`	`checkKeys.add(validKeys.get(i));`
`566`	`566`	`}`
`@@ -1448,18 +1448,16 @@ protected static void processCertA(`
`1448`	`1448`	`{`
`1449`	`1449`	`throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);`
`1450`	`1450`	`}`
`1451`		`- System.err.println(cert.getIssuerX500Principal());`
`1452`		`- System.err.println(cert.getSubjectX500Principal());`
	`1451`	`+`
`1453`	`1452`	`//`
`1454`	`1453`	`// (a) (3)`
`1455`	`1454`	`//`
`1456`	`1455`	`if (revocationChecker != null)`
`1457`	`1456`	`{`
`1458`	`1457`	`revocationChecker.initialize(new PKIXCertRevocationCheckerParameters(paramsPKIX, validCertDate, certPath,`
`1459`	`1458`	`index, sign, workingPublicKey));`
`1460`		`- System.err.println("in revocation");`
	`1459`	`+`
`1461`	`1460`	`revocationChecker.check(cert);`
`1462`		`- System.err.println("leaving revocation");`
`1463`	`1461`	`}`
`1464`	`1462`
`1465`	`1463`	`//`