RFR 8176350: Usage constraints don't take effect when using PKIX
Xuelei Fan
xuelei.fan at oracle.com
Wed Mar 8 21:42:31 UTC 2017
Looks fine to me except a minor comment.
In the update of DisabledAlgorithmConstraints.java, the dumping of stack
trace for every checking could increase the debug log size a lot. There
is no verbose option for 'certpath' debug. What do you think if only
dumping the log when the usage is not allowed?
Xuelei
On 3/8/2017 1:15 PM, Anthony Scarpino wrote:
> Hi,
>
> I need a code review of this small change.. The PKIX path for usage
> checking didn't pass the variant to the checkers because of a previous
> needed check for plugins.
>
> http://cr.openjdk.java.net/~ascarpino/8176350/webrev/
>
> thanks
>
> Tony
More information about the security-dev
mailing list