Added in API level 24

Option

class Option

kotlin.Any
↳	kotlin.Enum<java.security.cert.PKIXRevocationChecker.Option>
	↳	java.security.cert.PKIXRevocationChecker.Option

Known Direct Subclasses

PKIXRevocationChecker.Option.NO_FALLBACK, PKIXRevocationChecker.Option.ONLY_END_ENTITY, PKIXRevocationChecker.Option.PREFER_CRLS, PKIXRevocationChecker.Option.SOFT_FAIL

PKIXRevocationChecker.Option.NO_FALLBACK	Disable the fallback mechanism.
PKIXRevocationChecker.Option.ONLY_END_ENTITY	Only check the revocation status of end-entity certificates.
PKIXRevocationChecker.Option.PREFER_CRLS	Prefer CRLs to OSCP.
PKIXRevocationChecker.Option.SOFT_FAIL	Allow revocation check to succeed if the revocation status cannot be determined for one of the following reasons: The CRL or OCSP response cannot be obtained because of a network error. The OCSP responder returns one of the following errors specified in section 2.3 of RFC 2560: internalError or tryLater. Note that these conditions apply to both OCSP and CRLs, and unless the `NO_FALLBACK` option is set, the revocation check is allowed to succeed only if both mechanisms fail under one of the conditions as stated above.

Various revocation options that can be specified for the revocation checking mechanism.

Summary

Enum values
`NO_FALLBACK` Disable the fallback mechanism.
`ONLY_END_ENTITY` Only check the revocation status of end-entity certificates.
`PREFER_CRLS` Prefer CRLs to OSCP.
`SOFT_FAIL` Allow revocation check to succeed if the revocation status cannot be determined for one of the following reasons: The CRL or OCSP response cannot be obtained because of a network error. The OCSP responder returns one of the following errors specified in section 2.3 of RFC 2560: internalError or tryLater. Note that these conditions apply to both OCSP and CRLs, and unless the `NO_FALLBACK` option is set, the revocation check is allowed to succeed only if both mechanisms fail under one of the conditions as stated above.

Enum values

NO_FALLBACK

Added in API level 24

enum val NO_FALLBACK : PKIXRevocationChecker.Option

Disable the fallback mechanism.

ONLY_END_ENTITY

Added in API level 24

enum val ONLY_END_ENTITY : PKIXRevocationChecker.Option

Only check the revocation status of end-entity certificates.

PREFER_CRLS

Added in API level 24

enum val PREFER_CRLS : PKIXRevocationChecker.Option

Prefer CRLs to OSCP. The default behavior is to prefer OCSP. Each PKIX implementation should document further details of their specific preference rules and fallback policies.

SOFT_FAIL

Added in API level 24

enum val SOFT_FAIL : PKIXRevocationChecker.Option

Allow revocation check to succeed if the revocation status cannot be determined for one of the following reasons:

The CRL or OCSP response cannot be obtained because of a network error.
The OCSP responder returns one of the following errors specified in section 2.3 of RFC 2560: internalError or tryLater.

Note that these conditions apply to both OCSP and CRLs, and unless the NO_FALLBACK option is set, the revocation check is allowed to succeed only if both mechanisms fail under one of the conditions as stated above. Exceptions that cause the network errors are ignored but can be later retrieved by calling the getSoftFailExceptions method.