RFR[15]: 8186143: keytool -ext option doesn’t accept wildcards for DNS subject alternatives names
Hai-May Chao
hai-may.chao at oracle.com
Fri Mar 13 16:25:33 UTC 2020
Hi,
I need a code review for -
Bug: https://bugs.openjdk.java.net/browse/JDK-8186143
Webrev: http://cr.openjdk.java.net/~weijun/8186143/webrev.00/
The keytool -ext option doesn’t accept wildcards for DNS subject alternatives names in certificates. Certificates with wildcarded domains are useful for allowing domain names under a common subdomain to share the same certificate.
The fix involves adding a new DNSName constructor with an additional boolean flag ‘allowWildcard’.
Thank you,
Hai-May
More information about the security-dev
mailing list