RFR 8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
Anthony Scarpino
anthony.scarpino at oracle.com
Fri Mar 18 17:34:39 UTC 2016
ok.. thanks
Tony
On 03/18/2016 10:27 AM, Erik Joelsson wrote:
> Much better, and thank you for fixing the existing mkdir/echo lines too.
> Just one nit, for this continuation:
>
> $(TOOL_CACERTSHASHER) -i $(GENDATA_CACERTSHASHER_IN) \
> -o $(GENDATA_CACERTSHASHER)
>
> please use tab+4spaces for the second line. No need to resend webrev for
> that. See [1] for our build system code conventions.
>
> [1] http://openjdk.java.net/groups/build/doc/code-conventions.html
>
> /Erik
>
> On 2016-03-18 18:09, Anthony Scarpino wrote:
>> I believe I got everyone's comments. I've updated the webrev.
>>
>> http://cr.openjdk.java.net/~ascarpino/8140422/webrev.02/
>>
>> Thanks
>>
>> Tony
>>
>>
>> On 02/29/2016 08:55 AM, Anthony Scarpino wrote:
>>> Currently CertPath algorithm restrictions allow or deny all
>>> certificates. This change adds the ability to reject certificate chains
>>> that contain a restricted algorithm and the chain terminates at a root
>>> CA; therefore, allowing a self-signed or chain that does not terminate
>>> at a root CA.
>>>
>>> https://bugs.openjdk.java.net/browse/JDK-8140422
>>>
>>> Thanks
>>>
>>> Tony
>>>
>>
>
More information about the build-dev
mailing list