RFR 8242184: CRL generation error with RSASSA-PSS
Sean Mullan
sean.mullan at oracle.com
Wed Apr 8 19:46:50 UTC 2020
On 4/6/20 11:11 PM, Weijun Wang wrote:
> Please review the fix at
>
> http://cr.openjdk.java.net/~weijun/8242184/webrev.00/
>
> The major change is inside X509CRLImpl.java to allow params setting and reading.
>
> I also take this chance to:
>
> 1. Provide a default -sigalg for "keytool -genkeypair -keyalg rsassa-pss".
I think you should file a CSR for that, since it is a new default, and
the default varies based on the size of the key. You should also update
the keytool man page section on defaults.
--Sean
> 2. Revert a former change in X509CertImpl.java, which might be a safer call.
>
> Thanks,
> Max
>
More information about the security-dev
mailing list