Hi Max,
Would you please review the updates? I think JavaOne would occupy most
of the time of others.
Webrev: http://cr.openjdk.java.net/~xuelei/6847459/webrev.00/
No new test case, the closed/sun/security/validator/BasicTests.java
covered the case.
Thanks,
Andrew
xuelei....@sun.com wrote:
Sun Confidential: Internal only
*Synopsis*: Allow trust anchor self-issued intermediate version 1 and version 2
certificate
CrPrint: http://bt2ws.central.sun.com/CrPrint?id=6847459
Monaco: http://monaco.sfbay.sun.com/detail.jsf?cr=6847459
*Change Request ID*: 6847459
Product: java
Category: java
Subcategory: classes_security
Type: Defect
Subtype:
Status: 1-Dispatched
Substatus:
Priority: 3-Medium
Introduced In Release:
Introduced In Build:
Responsible Manager: frances...@sun.com
Responsible Engineer: xuelei....@sun.com
Initial Evaluator: jsn-sec-b...@sun.com
Keywords:
=== *Description* ============================================================
With the updates at 6822460, we started to support self-issued certificates in
PKIXValidator, which will try to validate self-issued certificates instead of
ignoring them as in the past.
However, the ConstraintsChecker will reject all version 1 and version 2
certificates, for there is no basic constraints extension inside. Here comes a
regression failure: before the updates of 6822460, self-issued version 1 and
version 2 certificates could be validated because there was no attempt to
validate them; after the updates, self-issued version 1 and version 2
certificates would be denied by ConstraintsChecker.
If a version 1 and version 2 self-issued certificate is issued by a trust
anchor, we need to it at ConstraintsChecker, because there are practical cases
in which a trust anchor needs to issue a self-issued certificate in order to support
key rollover or changes in certificate policies.
*** (#1 of 1): 2009-06-03 03:10:11 GMT+00:00 xuelei....@sun.com
=== *Public Comments* ========================================================
=== *Comments* ===============================================================
=== *Evaluation* =============================================================
=== *Suggested Fix* ==========================================================
=== *Workaround* =============================================================
=== *Justification* ==========================================================
Priority changed from [] to [3-Medium]
there is a failure of regression test
xuelei....@sun.com 2009-06-03 03:10:11 GMT
*** (#1 of 1): 2009-06-03 03:10:11 GMT+00:00 xuelei....@sun.com
=== *Additional Details* =====================================================
Targeted Release: 7
Commit To Fix In Build:
Fixed In Build:
Integrated In Build:
Verified In Build:
Is a Security Vulnerability?: No
Fix Affects Documentation: No
Fix Affects Localization: No
Reported by:
=== *History* ================================================================
Date Submitted: 2009-06-03 03:10:10 GMT+00:00
Submitted By: xuelei....@sun.com
Status Changed Date Updated Updated By
=== *Solution* ===============================================================
=== *Service Request* ========================================================
ID: 1-544857704
Customer:
Account Name: Sun Microsystems Inc
Customer Contact:
Customer Contact Role: D-Development
Customer Contact Type: I-Internal (SMI) Customer
Impact: Significant
Functionality: Secondary
Severity: 3
Synopsis:
Product Name: java
Product Release: 7
Product Build: b59
Operating System: generic
Hardware: generic
Reference Number:
Sun Contact: xuelei....@sun.com
Status: Open
Source: BugTraq2
Reproducible:
Submitted By: xuelei....@sun.com
Submitted Date: 2009-06-03 03:10:11 GMT+00:00
Description:
=== *Activity* ===============================================================
=== *Multiple Release (MR) Cluster* - 0 ======================================
=== *Escalations* ============================================================
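
The decision described in the bug report, sketched with the standard java.security.cert API. This is an added example, not code from the webrev or from OpenJDK's ConstraintsChecker; the class and method names are hypothetical, it covers only the basic-constraints decision (not full path validation), and it expects two certificate files (trust anchor, then candidate intermediate) on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;

public class SelfIssuedLegacyCheck {   // hypothetical name, not an OpenJDK class

    /** Strict rule: a v3 certificate asserting cA=true in basicConstraints. */
    static boolean hasCaBasicConstraints(X509Certificate c) {
        // getBasicConstraints() returns -1 when the extension is absent or cA is false.
        // Version 1 and 2 certificates cannot carry extensions, so they always fail here.
        return c.getVersion() == 3 && c.getBasicConstraints() != -1;
    }

    /** Exception from the synopsis: v1/v2, self-issued, and issued by the trust anchor. */
    static boolean isAnchorSelfIssuedLegacy(X509Certificate c, TrustAnchor anchor) {
        X509Certificate root = anchor.getTrustedCert();
        if (root == null || c.getVersion() >= 3) return false;
        boolean selfIssued = c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
        boolean anchorName = c.getIssuerX500Principal().equals(root.getSubjectX500Principal());
        if (!selfIssued || !anchorName) return false;
        try {
            c.verify(root.getPublicKey());   // name match alone is not proof of issuance
            return true;
        } catch (GeneralSecurityException e) {
            return false;                    // signed by some other key: keep rejecting
        }
    }

    static boolean acceptableAsIntermediate(X509Certificate c, TrustAnchor anchor) {
        return hasCaBasicConstraints(c) || isAnchorSelfIssuedLegacy(c, anchor);
    }

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        TrustAnchor anchor = new TrustAnchor(load(args[0]), null);
        X509Certificate candidate = load(args[1]);
        System.out.printf("version=%d basicConstraints=%d acceptable=%b%n",
                candidate.getVersion(), candidate.getBasicConstraints(),
                acceptableAsIntermediate(candidate, anchor));
    }
}
```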