> On Apr 9, 2020, at 3:46 AM, Sean Mullan <sean.mul...@oracle.com> wrote: > > On 4/6/20 11:11 PM, Weijun Wang wrote: >> Please review the fix at >> http://cr.openjdk.java.net/~weijun/8242184/webrev.00/ >> The major change is inside X509CRLImpl.java to allow params setting and >> reading. >> I also take this chance to: >> 1. Provide a default -sigalg for "keytool -genkeypair -keyalg rsassa-pss". > > I think you should file a CSR for that, since it is a new default, and the > default varies based on the size of the key. You should also update the > keytool man page section on defaults.
I've filed a CSR at https://bugs.openjdk.java.net/browse/JDK-8242812. Please take a review. Here, actually when the key is RSASSA-PSS, the default signature is simply RSASSA-PSS, and its parameters will take the same from the key itself, and not related to the key size. Thanks, Max > > --Sean > >> 2. Revert a former change in X509CertImpl.java, which might be a safer call. >> Thanks, >> Max
