7054637 closed/lib/security/cacerts/VerifyCACerts.java failed on solaris 11

Valerie (Yu-Ching) Peng valerie.peng at oracle.com
Wed Sep 14 13:30:47 PDT 2011

As long as Solaris supports both key formats after fixing 6830224, then 
it'd be fine, I guess.

Oh, are you gonna change the synopsis to describe the cause of the 
problem? I'd also prefer it that way.

On 09/14/11 11:17, Vincent Ryan wrote:
> Please review the following fix to the SunPKCS11 JCE provider:
> http://cr.openjdk.java.net/~vinnie/7054637/webrev.00/
> The problem is that some older PKCS11 tokens support only the raw encoding for
> EC point in Elliptic Curve public keys. This fix introduces a configuration
> attribute that controls whether the raw-encoding or DER-encoding shall be used.
> It aids interoperability between older and newer PKCS11 tokens.
> Thanks.

More information about the security-dev mailing list