On Tue, 25 Jan 2022 22:40:36 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional 
>> commit since the last revision:
>> 
>>   Revert to get denyAfter from exception and reload caks
>
> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
>  line 759:
> 
>> 757:                         "denyAfter constraint check failed: " + 
>> algorithm +
>> 758:                         " used with Constraint date: " +
>> 759:                         denyAfterDate + " (in java.security: " + 
>> denyAfterString +
> 
> An application could override what was in the `java.security` file by setting 
> the property directly, so saying `java.security` is not totally precise. 
> However, it seems you don't actually need to add this extra info to the 
> exception messsage. Could we just use the `denyAfterDate` (after "used with 
> Constraint date: ") and reformat it into YYYY-MM-DD format if necessary?

Done. Removed the extra info (YYYY-MM-DD form) from the exception message that 
was set in `DisabledAlgorithmConstraints` class, and re-formated the 
`denyAfterDate` into YYYY-MM-DD format in keytool.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7039

Reply via email to