RFR[15]: 8186143: keytool -ext option doesn’t accept wildcards for DNS subject alternative names

Hai-May Chao hai-may.chao at oracle.com
Fri Mar 13 16:25:33 UTC 2020


Hi,

I need a code review for -

Bug: https://bugs.openjdk.java.net/browse/JDK-8186143
Webrev: http://cr.openjdk.java.net/~weijun/8186143/webrev.00/

The keytool -ext option doesn’t accept wildcards for DNS subject alternative names in certificates. Certificates with wildcarded domains are useful for allowing domain names under a common subdomain to share the same certificate.

The fix involves adding a new DNSName constructor with an additional boolean flag ‘allowWildcard’.

Thank you,
Hai-May
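
An added illustration, not part of the original message and not the code under review: a stand-alone Java sketch of how a boolean `allowWildcard` flag can gate wildcard acceptance in a DNS name check. The class and method names are hypothetical, and the rule that `*` must be the entire leftmost label with at least two labels after it is an assumption of this example, not taken from the webrev.

```java
import java.util.List;

public class WildcardDnsNameCheck {

    // Hypothetical helper, not the JDK's DNSName class.
    static boolean isValidDnsName(String name, boolean allowWildcard) {
        if (name == null || name.isEmpty() || name.length() > 253) {
            return false;
        }
        // Limit -1 keeps empty labels, so "a..b" and "a." are rejected below.
        String[] labels = name.split("\\.", -1);
        for (int i = 0; i < labels.length; i++) {
            if (labels[i].equals("*")) {
                // Assumed policy: wildcard only when the caller opts in, only as the
                // whole leftmost label, and never directly above a single label.
                if (!allowWildcard || i != 0 || labels.length < 3) {
                    return false;
                }
                continue;
            }
            if (!isValidLabel(labels[i])) {
                return false;
            }
        }
        return true;
    }

    // Letters, digits and hyphen only; no leading or trailing hyphen; 1 to 63 chars.
    static boolean isValidLabel(String label) {
        if (label.isEmpty() || label.length() > 63) return false;
        if (label.startsWith("-") || label.endsWith("-")) return false;
        for (char c : label.toCharArray()) {
            boolean ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '-';
            if (!ok) return false; // also rejects partial wildcards such as "w*"
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample names.
        List<String> samples = List.of("www.example.com", "*.example.com", "*.com",
                "foo.*.example.com", "w*.example.com", "*", "a..example.com");
        for (String s : samples) {
            System.out.printf("%-20s strict=%-5b wildcard=%b%n",
                    s, isValidDnsName(s, false), isValidDnsName(s, true));
        }
    }
}
```

Of the constructed samples, only `www.example.com` passes with the flag off, and `*.example.com` is the only additional name accepted with it on.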



