RFR 8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
Anthony Scarpino
anthony.scarpino at oracle.com
Wed Mar 16 20:18:02 UTC 2016
Ok.. thanks.. I'll make those changes..
Tony
On 03/12/2016 07:37 AM, Erik Joelsson wrote:
> Hello Anthony,
>
> I realize you followed the patterns already in the file and we
> apparently haven't updated that file to follow latest standards. I would
> like you to change the following:
>
> $(ECHO) foo
>
> should be
>
> $(call LogInfo, foo)
>
> and
>
> $(MKDIR) -p foo
>
> should be
>
> $(call MakeDir, foo)
>
> I also don't know what the "|| exit 1" is good for. I think it should
> just be removed.
>
> Finally for indentation, in recipes we recommend:
>
> <tab>some command with arguments \
> <tab><4 spaces>some more arguments
>
> Otherwise it looks good.
>
> /Erik
>
> On 2016-03-11 22:43, Anthony Scarpino wrote:
>>
>> I updated the webrev and added the build-dev list as there are two
>> makefile changes.
>>
>> http://cr.openjdk.java.net/~ascarpino/8140422/webrev.01/
>>
>> thanks
>>
>> Tony
>>
>> On 02/29/2016 08:55 AM, Anthony Scarpino wrote:
>>> I need a code review of this change:
>>>
>>> Currently CertPath algorithm restrictions allow or deny all
>>> certificates. This change adds the ability to reject certificate chains
>>> that contain a restricted algorithm and the chain terminates at a root
>>> CA; therefore, allowing a self-signed or chain that does not terminate
>>> at a root CA.
>>>
>>> https://bugs.openjdk.java.net/browse/JDK-8140422
>>
>>
>
More information about the build-dev
mailing list