Hi Sean and Erik

An updated webrev is at

http://cr.openjdk.java.net/~weijun/8011402/webrev.01/

Changes since the last webrev:

- Some makefile changes
  * wildcard on closed file
  * make sure the file's first line is always "Algorithm="
- Move fingerprint cache for cert from X509CertImpl to UntrustedCertificates
- Cache hash for Certificate
- log blacklist parsing error in UntrustedCertificates
- A new test

Thanks
Max

On 9/6/13 9:30 PM, Weijun Wang wrote:
Hi Sean

Please review the code changes at

8011402: Move blacklisting certificate logic from hard code to data
http://cr.openjdk.java.net/~weijun/8011402/webrev.00/

Hard coded blacklisted certificates are moved out of the class file and now inside a data file. Furthermore, only their fingerprints are released in the JRE. The makefile covers blacklist files in both open and closed repo.

No regression test, cleanup.

*build-dev*, I am not an expert of Makefile, and I have some questions:

1. I create a new macro (or function?) called cat-files. Its only difference from install-file is that it needs to deal with two inputs. Do we already have a similar macro somewhere?

2. cat-files is defined inside CopyFiles.gmk right beside its usage. Do you think it's better to define it in a common file?

3. Most important: it only works if both $(BLACKLISTED_CERTS_SRC_OPEN) and $(BLACKLISTED_CERTS_SRC_CLOSED) already exist. Currently there is no closed blacklist, but I still have to create an empty file there. Otherwise, there will be

   make[2]: *** No rule to make target `/space/repos/jdk8/tl/jdk/src/closed/share/lib/security/blacklisted.certs', needed by `/space/repos/jdk8/tl/build/macosx-x86_64-normal-server-release/jdk/lib/security/blacklisted.certs'. Stop.

   Is there a way to make it work without adding that empty file?

Thanks
Max
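
Added example, not part of this thread or of the JDK change: a sketch of the fingerprint-only blacklist design described above, where a data file whose first line is "Algorithm=" replaces certificates compiled into a class. The class name FingerprintBlacklist, the one-hex-fingerprint-per-line layout, the choice of SHA-256 and the sample bytes are all assumptions made for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical sketch; not the JDK's UntrustedCertificates class.
public class FingerprintBlacklist {
    private static final String HEADER = "Algorithm=";
    private final String algorithm;
    private final Set<String> fingerprints = new HashSet<>();

    // Assumed layout: "Algorithm=<digest>" first, then one hex fingerprint per line.
    public FingerprintBlacklist(BufferedReader in) throws IOException, GeneralSecurityException {
        String first = in.readLine();
        if (first == null || !first.startsWith(HEADER)) {
            throw new IOException("first line must be " + HEADER + "<digest name>");
        }
        algorithm = first.substring(HEADER.length()).trim();
        MessageDigest.getInstance(algorithm); // reject an unknown digest at load time
        for (String line; (line = in.readLine()) != null; ) {
            line = line.trim();
            if (!line.isEmpty()) fingerprints.add(line.toUpperCase(Locale.ROOT));
        }
    }
    // Hex digest of the certificate's encoded form (Certificate.getEncoded() in real use).
    static String fingerprint(String algorithm, byte[] encoded) throws GeneralSecurityException {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance(algorithm).digest(encoded)) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }
    public boolean isBlacklisted(byte[] encoded) throws GeneralSecurityException {
        return fingerprints.contains(fingerprint(algorithm, encoded));
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample bytes standing in for two DER-encoded certificates.
        byte[] revoked = "constructed-cert-A".getBytes(StandardCharsets.UTF_8);
        byte[] other = "constructed-cert-B".getBytes(StandardCharsets.UTF_8);
        String data = "Algorithm=SHA-256\n" + fingerprint("SHA-256", revoked).toLowerCase(Locale.ROOT) + "\n";
        FingerprintBlacklist bl = new FingerprintBlacklist(new BufferedReader(new StringReader(data)));
        System.out.println(bl.isBlacklisted(revoked)); // listed fingerprint
        System.out.println(bl.isBlacklisted(other));   // not listed
    }
}
```

The loader refuses a file without the "Algorithm=" header or with an unknown digest name, so a malformed data file fails at load time instead of yielding an empty blacklist that silently trusts everything.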