code review request: 7081411: Change more keytool -genkeypair to RSA
Xuelei Fan
xuelei.fan at oracle.com
Tue Aug 30 14:36:56 UTC 2011
The update, in both open and closed repositories, looks fine to me.
However, the following reason cannot convince me of the necessity to
make the change.
> Because of the Solaris DSA bug described in 7041639, we keep seeing
> tests generating DSA key pairs failing. Therefore I'm changing most
> keypair generation to use RSA instead.
Most of the updated tests using the default key algorithm ("DSA"). I'm
thinking, shall we replace "RSA" back with "DSA" again when there is a
RSA bug in the native libraries in the future? It may be not a good
choice to cut the tests to fit problematic platform. These tests are
also very good test to find the potential problems, right? When we
change the test to be able to passed on all platform, the test may lost
it function to find potential issues partially.
Just my very personal view.
Thanks,
Xuelei
On 8/30/2011 8:26 PM, Weijun Wang wrote:
> Hi All
>
> 7081411: Change more keytool -genkeypair to RSA
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7081411
>
> Webrev at http://cr.openjdk.java.net/~weijun/7081411/webrev.01/
>
> Because of the Solaris DSA bug described in 7041639, we keep seeing
> tests generating DSA key pairs failing. Therefore I'm changing most
> keypair generation to use RSA instead.
>
> In all code changes, KeyToolTest.java is called by standard.sh, which
> makes so many "keytool -genkeypair" calls that I decide to add "-keysize
> 512" to make it fast. Please note that in this test there are still
> explicit calls to "-genkeypair -keyalg dsa". These still have a chance
> to fail on Solaris, but I like to keep them there to make the test
> complete.
>
> Code changes in the closed repo will be sent in another mail.
>
> Thanks
> Max
>
More information about the security-dev
mailing list