On 04/11/2016 11:59 AM, Anthony Scarpino wrote:
I believe I have addressed all previous comments and some changes were
made to rename cacerts to jdkCA and how it works AnchorCertificates.java
http://cr.openjdk.java.net/~ascarpino/8140422/webrev.03/
* CertConstraintParameters
31 * This class is a wrapper for keeping state and passing objects
betweenPKIX,
s/betweenPKIX/between PKIX/
* AnchorCertificates
The comments on lines 40-44 need to be updated now that you have changed
the implementation. Also you don't really need the surrounding double
quotes.
--Sean
Tony
On 02/29/2016 08:55 AM, Anthony Scarpino wrote:
I need a code review of this change:
http://cr.openjdk.java.net/~ascarpino/8140422/webrev/
Currently CertPath algorithm restrictions allow or deny all
certificates. This change adds the ability to reject certificate chains
that contain a restricted algorithm and the chain terminates at a root
CA; therefore, allowing a self-signed or chain that does not terminate
at a root CA.
https://bugs.openjdk.java.net/browse/JDK-8140422
Thanks
Tony
