RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint

Weijun Wang weijun at openjdk.org
Wed Sep 7 19:59:53 UTC 2022


On Wed, 7 Sep 2022 18:42:12 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Provide a new test for an old bug fix.
>
> test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java line 48:
> 
>> 46: 
>> 47:     public static void main(String[] args) throws Exception {
>> 48:         Security.setProperty("jdk.certpath.disabledAlgorithms", "");
> 
> This doesn't seem necessary as none of the algs used are disabled. Plus, if you remove this I think you don't need to run it in othervm.

Ah, I see. It must be because legacy algorithms were hardcoded in the certs. Now that certificates are generated on the fly they are always using strong algorithms.

-------------

PR: https://git.openjdk.org/jdk/pull/10203



More information about the security-dev mailing list