webrev request: JDK-6996377

Jamil Nimeh jamil.j.nimeh at oracle.com
Thu May 8 13:55:29 UTC 2014


Ah, didn't know that we were moving away from the scripts.  I had 
thought about hard-coding certs, but I liked the on-the-fly generation 
approach because it kept the validity periods always within current 
time.  But it's easy to just make really long lived certs so I'll make 
that change.

I'll make the change on line 130 as well and look for any other 
instances where I'm doing that.

Thanks!

--Jamil

On 05/08/2014 06:50 AM, Sean Mullan wrote:
> On 05/07/2014 03:12 PM, Jamil Nimeh wrote:
>> Please review the webrev for JDK-6996377 when you get a chance.
>>
>> http://cr.openjdk.java.net/~ascarpino/6996377/webrev.01/
>
> - PKIXValidator[130]: you can use the diamond operator to make the 
> code more concise:
>
>     new HashMap<>();
>
> - shell script tests are somewhat discouraged going forward, since 
> they are harder to debug and can have various cross-platform issues, 
> etc. Do you think you could try to just create a Java test? One option 
> is to hard-code the certs (base64-encoded) inside the Java source code 
> and use CertificateFactory to instantiate them. If you do that, you 
> should include the keytool commands that you used to create the certs 
> in comments so that they can be re-created later on if necessary.
>
> --Sean
>




More information about the security-dev mailing list