7054637 closed/lib/security/cacerts/VerifyCACerts.java failed on solaris 11

Vincent Ryan vincent.x.ryan at oracle.com
Wed Sep 14 11:17:13 PDT 2011


Please review the following fix to the SunPKCS11 JCE provider:

http://cr.openjdk.java.net/~vinnie/7054637/webrev.00/

The problem is that some older PKCS11 tokens support only the raw encoding for
EC point in Elliptic Curve public keys. This fix introduces a configuration
attribute that controls whether the raw-encoding or DER-encoding shall be used.

It aids interoperability between older and newer PKCS11 tokens.

Thanks.





More information about the security-dev mailing list