RFR 8193255: Root Certificates should be stored in text format and assembled at build time
Sean Mullan
sean.mullan at oracle.com
Thu May 30 22:51:54 UTC 2019
One suggestion is to put a printable form of the contents of the
certificate at the top of each of the PEM files. It would be nice as a
quick-look to see what is in the certificate. Of course, you can also
use keytool -printcert to do that, but if I am just perusing the source
code via a browser or something like that, it would be nice to not have
to do that.
--Sean
On 5/30/19 9:01 AM, Weijun Wang wrote:
> Please take a review at
>
> http://cr.openjdk.java.net/~weijun/8193255/webrev.00/
>
> Please pay attention to the 1st 3 and the last 2 files. Others are PEM files for all certs inside the original cacerts.
>
> There is one thing I cannot get correct. If I update the GenerateCacerts.java file and rerun make, the cacerts file is unchanged. I thought the following line
>
> $(GENDATA_CACERTS): $(BUILD_TOOLS) $(GENDATA_CACERTS_SRC)
>
> means when when the tool is changed, GENDATA_CACERTS will be called.
>
> Thanks,
> Max
>
More information about the security-dev
mailing list