RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint

Weijun Wang weijun at openjdk.org
Wed Sep 7 20:03:40 UTC 2022


On Wed, 7 Sep 2022 18:56:42 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Provide a new test for an old bug fix.
>
> test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java line 72:
> 
>> 70:         System.out.println("Calling trustmanager...");
>> 71: 
>> 72:         tm.checkServerTrusted(chain, "RSA");
> 
> Maybe add a comment that any authType works because the EE cert allows all key usages (has no KU ext).

I'll change the key to RSA.

-------------

PR: https://git.openjdk.org/jdk/pull/10203


More information about the security-dev mailing list