Authority Information Access extension (AIA) enabling by default ?
Baesken, Matthias
matthias.baesken at sap.com
Wed Apr 10 07:44:51 UTC 2024
Hello, in sun/security/provider/certpath/Builder.java we check a property com.sun.security.enableAIAcaIssuers to set AIA (Authority Information Access extension) support :
https://github.com/openjdk/jdk/blob/71c5bbcec7052a8394dd49c0a8c46801adbfcae4/src/java.base/share/classes/sun/security/provider/certpath/Builder.java#L54
/**
* Flag indicating whether support for the caIssuers field of the
* Authority Information Access extension shall be enabled. Currently
* disabled by default for compatibility reasons.
*/
static final boolean USE_AIA = GetBooleanAction
.privilegedGetProperty("com.sun.security.enableAIAcaIssuers");
By the default, the AIA support is disabled (but can be enabled by the property above) .
Are there some plans/thoughts to enable it by default in the future ?
(and what are the stated compatibility reasons that were mentioned manye years ago when the comment was written?
Are they still as valid today as before ?)
Best regards, Matthias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20240410/d5499fdd/attachment.htm>
More information about the security-dev
mailing list