RFR 8072394: java.security.cert.PolicyQualifierInfo needs value-based equality
Florian Weimer
fweimer at redhat.com
Mon Apr 6 20:18:48 UTC 2015
On 03/04/2015 06:47 PM, Sean Mullan wrote:
> I can take care of filing an internal CCC and will let you know when
> that is approved or if there are any questions.
This new webrev incorporates feedback from the CCC:
<http://cr.openjdk.java.net/~fweimer/8072394/webrev.03/>
This needs additional tests, but I want to check first if the direction
is okay.
The PolicyQualifierInfoSet class is needed because there is no existing
LinkedTreeSet class. I do not want to continue to use LinkedHashSet
because of the denial of service risk from hash collisions (this was not
a problem before because the hash was identity-based), and the cost of
computing hash codes even for single-element sets.
--
Florian Weimer / Red Hat Product Security
More information about the security-dev
mailing list