Fwd: CR 6958869/6u21 Updated, P2 java/classes_secu regression: PKIXValidator fails when multiple trust anchors have same dn

Weijun Wang Weijun.Wang at Sun.COM
Thu Jun 10 21:04:24 PDT 2010


Hi Joe

This is a last minute fix to 6948803. You've already approved 6948803 to be included in openjdk-6. Now I request 6958869 to be included as well. I've been busy recently so have no time to really push 6948803, I plan to push a combined changeset with both bug IDs in the description.

The webrev is here (the changeset for 6u21, I'll add copyright info to test):

   http://cr.openjdk.java.net/~weijun/6958869/6/webrev.00/

Basically the Map<Subject,Certificate> is changed to Map<Subject,List<PublicKey>> so that no one is missing even if there are duplicated subject names. The Certificate->PublicKey change makes coding easy, since we only compares public keys, and a keyList.contains(key) is simpler than

    for (c in certList)
      if (c.getPublicKey().equals(key)) return true;
      else continue;
    return false
 
Thanks
Max

Begin forwarded message:

> === Field ============ === New Value ============= === Old Value =============
> Keyword                6u21-yes-b06                                           
> ====================== =========================== ===========================
> 
> *Change Request ID*: 6958869/6u21
> *Synopsis*: regression: PKIXValidator fails when multiple trust anchors have same dn



More information about the jdk6-dev mailing list