RFR 8215776: Keytool importkeystore may mix up certificate chain entries when DNs conflict
Xuelei Fan
xuelei.fan at oracle.com
Wed Jan 16 17:49:43 UTC 2019
Hi Max,
I did not look into the detailed implementation of findIssuer() yet.
Have you considered to use java.security.cert.X509CertSelector?
Thanks,
Xuelei
On 1/9/2019 6:59 AM, Weijun Wang wrote:
> Please take a review at
>
> https://cr.openjdk.java.net/~weijun/8215776/webrev.00/
>
> PKCS12KeyStore now can find certificate issuers more precisely using SubjectKeyIdentifier and AuthorityKeyIdentifier. I thought about using CertPath builder or checking signatures but those changes are too much.
>
> Thanks,
> Max
>
More information about the security-dev
mailing list