[11u]: RFR: Backport of 8215694: keytool cannot generate RSASSA-PSS certificates

Langer, Christoph christoph.langer at sap.com
Mon Jul 1 14:25:45 UTC 2019

Hi Paul,

thanks for your review.

> In CertAndKeyGen.java, does generate() need a throws declaration?

It doesn't. IllegalArgumentException is a RuntimeException and as such doesn't need a throws declaration. And InvalidKeyException is obviously not needed and was removed in the original changeset as well.

> Otherwise looks good.

Thanks. I also asked Max Wang to have a look off list and he seems to agree as well.

> We've been talking about backporting patches with CSRs and have done at
> least one. Imo, 8076190 and 8213400 are good backport candidates since the
> spec changes are minor.

Yes, a CSR is not necessarily a showstopper for a backport. But as it is not my area of expertise and there's no other reason that makes backports of these bugs important to me, I don't want to take the additional work and responsibility for these backports. But feel free to do this ��

So, I guess I'm good to push this, once approved.


More information about the security-dev mailing list