RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint
Weijun Wang
weijun at openjdk.org
Wed Sep 7 19:59:53 UTC 2022
On Wed, 7 Sep 2022 18:42:12 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Provide a new test for an old bug fix.
>
> test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java line 48:
>
>> 46:
>> 47: public static void main(String[] args) throws Exception {
>> 48: Security.setProperty("jdk.certpath.disabledAlgorithms", "");
>
> This doesn't seem necessary as none of the algs used are disabled. Plus, if you remove this I think you don't need to run it in othervm.
Ah, I see. It must be because legacy algorithms were hardcoded in the certs. Now that certificates are generated on the fly they are always using strong algorithms.
-------------
PR: https://git.openjdk.org/jdk/pull/10203
More information about the security-dev
mailing list