Fwd: CR 6958869/6u21 Updated, P2 java/classes_secu regression: PKIXValidator fails when multiple trust anchors have same dn
Joe Darcy
joe.darcy at oracle.com
Fri Jun 11 13:22:27 PDT 2010
Hello Max.
Weijun Wang wrote:
> Hi Joe
>
> This is a last minute fix to 6948803. You've already approved 6948803 to be included in openjdk-6. Now I request 6958869 to be included as well. I've been busy recently so have no time to really push 6948803, I plan to push a combined changeset with both bug IDs in the description.
>
> The webrev is here (the changeset for 6u21, I'll add copyright info to test):
>
> http://cr.openjdk.java.net/~weijun/6958869/6/webrev.00/
>
> Basically the Map<Subject,Certificate> is changed to Map<Subject,List<PublicKey>> so that no one is missing even if there are duplicated subject names. The Certificate->PublicKey change makes coding easy, since we only compares public keys, and a keyList.contains(key) is simpler than
>
> for (c in certList)
> if (c.getPublicKey().equals(key)) return true;
> else continue;
> return false
>
> Thanks
> Max
>
>
On
90 } else {
91 keys = new ArrayList<PublicKey>();
92 trustedSubjects.put(dn, keys);
If you need an unmodifiable empty list, you could use
Collections.emptyList().
Your two bugs are approved for OpenJDK 6 with the following caveats,
make sure the license on PKIXValidator.java in OpenJDK 6 is the GPL + CP
rather than the TLDA and that, as you're already noted, the test file
has a proper Oracle GPL copyright.
Please get this back by COB Monday June 13.
Cheers,
-Joe
More information about the jdk6-dev
mailing list