[9] RFR: 8059916: Change default criticality of policy mappings and policy constraints certificate extensions

Jason Uh jason.uh at oracle.com
Tue Jan 13 18:48:35 UTC 2015


Thanks, Sean. Could you also look at one more change I've added?

http://cr.openjdk.java.net/~juh/8059916/02/

Line 103 of PolicyMappingsExtension.java:
-        extensionId = PKIXExtensions.KeyUsage_Id;
-        critical = false;
+        extensionId = PKIXExtensions.PolicyMappings_Id;
+        critical = true;

(Good catch, Jamil.)

Jason

On 1/13/15 4:55 AM, Sean Mullan wrote:
> Looks good to me.
>
> --Sean
>
> On 01/12/2015 06:56 PM, Jason Uh wrote:
>> Please review this change, which changes the default criticality of the
>> policy mappings and policy constraints certificate extensions. This
>> change makes both extensions critical by default, per RFC 5280.
>>
>> webrev: http://cr.openjdk.java.net/~juh/8059916/01/webrev
>> bug: https://bugs.openjdk.java.net/browse/JDK-8059916
>>
>> Thanks,
>> Jason



More information about the security-dev mailing list