RFR 8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions

Anthony Scarpino anthony.scarpino at oracle.com
Mon Apr 11 15:59:35 UTC 2016


I believe I have addressed all previous comments and some changes were 
made to rename cacerts to jdkCA and how it works AnchorCertificates.java

http://cr.openjdk.java.net/~ascarpino/8140422/webrev.03/

Tony

On 02/29/2016 08:55 AM, Anthony Scarpino wrote:
> I need a code review of this change:
>
> http://cr.openjdk.java.net/~ascarpino/8140422/webrev/
>
> Currently CertPath algorithm restrictions allow or deny all
> certificates.  This change adds the ability to reject certificate chains
> that contain a restricted algorithm and the chain terminates at a root
> CA; therefore, allowing a self-signed or chain that does not terminate
> at a root CA.
>
> https://bugs.openjdk.java.net/browse/JDK-8140422
>
> Thanks
>
> Tony
>


