webrev request: JDK-6996377
Jamil Nimeh
jamil.j.nimeh at oracle.com
Thu May 8 13:55:29 UTC 2014
Ah, didn't know that we were moving away from the scripts. I had
thought about hard-coding certs, but I liked the on-the-fly generation
approach because it kept the validity periods always within current
time. But it's easy to just make really long lived certs so I'll make
that change.
I'll make the change on line 130 as well and look for any other
instances where I'm doing that.
Thanks!
--Jamil
On 05/08/2014 06:50 AM, Sean Mullan wrote:
> On 05/07/2014 03:12 PM, Jamil Nimeh wrote:
>> Please review the webrev for JDK-6996377 when you get a chance.
>>
>> http://cr.openjdk.java.net/~ascarpino/6996377/webrev.01/
>
> - PKIXValidator[130]: you can use the diamond operator to make the
> code more concise:
>
> new HashMap<>();
>
> - shell script tests are somewhat discouraged going forward, since
> they are harder to debug and can have various cross-platform issues,
> etc. Do you think you could try to just create a Java test? One option
> is to hard-code the certs (base64-encoded) inside the Java source code
> and use CertificateFactory to instantiate them. If you do that, you
> should include the keytool commands that you used to create the certs
> in comments so that they can be re-created later on if necessary.
>
> --Sean
>
More information about the security-dev
mailing list