I know there are two different ways, CRLs and OCSP. I am researching where exactly in Java's SSL source code (OpenJDK) these checks are performed.
As far as I can ascertain, these checks are performed somewhere within X509TrustManager#checkClientTrusted(...) and most likely passed around with a PKIXBuilderParameters object.
Can anybody locate the exact area where SSL initiates the checks on a certificate/chain that runs through the CRL data / OCSP?
An example from other security libraries would also work (such as Spring or Apache Commons).
Apache uses the Bouncy Castle library for their OCSP and CRL verifiers. You can find these classes in their SVN repository.
You can find the OCSP handling in their OCSPVerifier and the CRL handling in their CRLVerifier.