RFR 8176350: Usage constraints don't take effect when using PKIX

Xuelei Fan xuelei.fan at oracle.com
Wed Mar 8 21:42:31 UTC 2017


Looks fine to me except a minor comment.

In the update of DisabledAlgorithmConstraints.java, the dumping of stack 
trace for every checking could increase the debug log size a lot.  There 
is no verbose option for 'certpath' debug.  What do you think if only 
dumping the log when the usage is not allowed?

Xuelei

On 3/8/2017 1:15 PM, Anthony Scarpino wrote:
> Hi,
>
> I need a code review of this small change.. The PKIX path for usage
> checking didn't pass the variant to the checkers because of a previous
> needed check for plugins.
>
> http://cr.openjdk.java.net/~ascarpino/8176350/webrev/
>
> thanks
>
> Tony



More information about the security-dev mailing list