RFR 8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
Anthony Scarpino
anthony.scarpino at oracle.com
Mon Feb 29 16:55:15 UTC 2016
I need a code review of this change:
http://cr.openjdk.java.net/~ascarpino/8140422/webrev/
Currently CertPath algorithm restrictions allow or deny all
certificates. This change adds the ability to reject certificate chains
that contain a restricted algorithm and the chain terminates at a root
CA; therefore, allowing a self-signed or chain that does not terminate
at a root CA.
https://bugs.openjdk.java.net/browse/JDK-8140422
Thanks
Tony
More information about the security-dev
mailing list