RFR 8242184: CRL generation error with RSASSA-PSS

Weijun Wang weijun.wang at oracle.com
Wed Apr 15 12:28:34 UTC 2020


> On Apr 9, 2020, at 3:46 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 4/6/20 11:11 PM, Weijun Wang wrote:
>> Please review the fix at
>>    http://cr.openjdk.java.net/~weijun/8242184/webrev.00/
>> The major change is inside X509CRLImpl.java to allow params setting and reading.
>> I also take this chance to:
>> 1. Provide a default -sigalg for "keytool -genkeypair -keyalg rsassa-pss".
> 
> I think you should file a CSR for that, since it is a new default, and the default varies based on the size of the key. You should also update the keytool man page section on defaults.

I've filed a CSR at https://bugs.openjdk.java.net/browse/JDK-8242812. Please take a look.

Here, actually, when the key is RSASSA-PSS, the default signature is simply RSASSA-PSS, and its parameters will be the same as those of the key itself and are not related to the key size.

Thanks,
Max

> 
> --Sean
> 
>> 2. Revert a former change in X509CertImpl.java, which might be a safer call.
>> Thanks,
>> Max
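
What the reply describes, an RSASSA-PSS signature that takes its parameters from the key itself, shown with the standard `java.security` API on JDK 11 or later. This is an added example, not code from the webrev or from keytool; the class name, the parameter choices and the sample data are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;

public class PssParamsFromKey {
    public static void main(String[] args) throws Exception {
        // Constructed parameters bound to the key: SHA-256, MGF1 with SHA-256,
        // 32-byte salt, trailer field 1.
        PSSParameterSpec keyParams = new PSSParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
        kpg.initialize(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4, keyParams));
        KeyPair kp = kpg.generateKeyPair();

        // The signer reads the parameters back from the key instead of choosing its own.
        AlgorithmParameterSpec fromKey = ((RSAKey) kp.getPrivate()).getParams();
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("RSASSA-PSS");
        signer.initSign(kp.getPrivate());
        signer.setParameter(fromKey);
        signer.update(data);
        byte[] sig = signer.sign();

        // The verifier does the same with the public key's parameters.
        Signature verifier = Signature.getInstance("RSASSA-PSS");
        verifier.initVerify(kp.getPublic());
        verifier.setParameter(((RSAKey) kp.getPublic()).getParams());
        verifier.update(data);
        System.out.println("verified with key parameters: " + verifier.verify(sig));

        // Attempt to sign with the algorithm name only, no parameters set.
        Signature bare = Signature.getInstance("RSASSA-PSS");
        bare.initSign(kp.getPrivate());
        try {
            bare.update(data);
            bare.sign();
            System.out.println("signed without explicit parameters");
        } catch (SignatureException e) {
            System.out.println("no parameters set: " + e.getMessage());
        }
    }
}
```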
