RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint

Sean Mullan mullan at openjdk.org
Wed Sep 7 19:00:50 UTC 2022


On Wed, 7 Sep 2022 16:49:50 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Provide a new test for an old bug fix.

test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java line 48:

> 46: 
> 47:     public static void main(String[] args) throws Exception {
> 48:         Security.setProperty("jdk.certpath.disabledAlgorithms", "");

This doesn't seem necessary as none of the algs used are disabled. Plus, if you remove this I think you don't need to run it in othervm.

test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java line 72:

> 70:         System.out.println("Calling trustmanager...");
> 71: 
> 72:         tm.checkServerTrusted(chain, "RSA");

Maybe add a comment that any authType works because the EE cert allows all key usages (has no KU ext).

-------------

PR: https://git.openjdk.org/jdk/pull/10203


