RFR 8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
Erik Joelsson
erik.joelsson at oracle.com
Fri Mar 18 17:27:44 UTC 2016
Much better, and thank you for fixing the existing mkdir/echo lines too.
Just one nit, for this continuation:
$(TOOL_CACERTSHASHER) -i $(GENDATA_CACERTSHASHER_IN) \
-o $(GENDATA_CACERTSHASHER)
please use tab+4spaces for the second line. No need to resend webrev for
that. See [1] for our build system code conventions.
[1] http://openjdk.java.net/groups/build/doc/code-conventions.html
/Erik
On 2016-03-18 18:09, Anthony Scarpino wrote:
> I believe I got everyone's comments. I've updated the webrev.
>
> http://cr.openjdk.java.net/~ascarpino/8140422/webrev.02/
>
> Thanks
>
> Tony
>
>
> On 02/29/2016 08:55 AM, Anthony Scarpino wrote:
>> Currently CertPath algorithm restrictions allow or deny all
>> certificates. This change adds the ability to reject certificate chains
>> that contain a restricted algorithm and the chain terminates at a root
>> CA; therefore, allowing a self-signed or chain that does not terminate
>> at a root CA.
>>
>> https://bugs.openjdk.java.net/browse/JDK-8140422
>>
>> Thanks
>>
>> Tony
>>
>
More information about the security-dev
mailing list