RFR[15] 8245665: Test WeakAlg.java should only make sure no warning for weak signature algorithms by keytool on root CA

Hai-May Chao hai-may.chao at oracle.com
Sat May 23 06:44:29 UTC 2020


I did testing with a MD5RSA root CA. Updated the webrev.

Thanks,
Hai-May


> On May 22, 2020, at 8:50 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
> 
> You probably should use shouldNotMatch() because here it's a pattern match instead of simply contain.
> 
> Try add a MD5withRSA cert there to see how it works.
> 
> Thanks,
> Max
> 
>> On May 23, 2020, at 11:01 AM, Hai-May Chao <hai-may.chao at oracle.com> wrote:
>> 
>> Hi,
>> 
>> I’d like to request q review for -
>> 
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8245665
>> Webrev: https://cr.openjdk.java.net/~hchao/8245665/webrev.00/
>> 
>> Keytool only emits warnings for the root CA in cacerts using the weak key, but not for using the weak algorithm. So test case WeakAlg.java should do the checking on warnings accordingly.
>> 
>> Thanks,
>> Hai-May
>> 
> 




More information about the security-dev mailing list