Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in signer’s cert chain [v2]
On Wed, 13 Jan 2021 15:17:22 GMT, Weijun Wang wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> No warning for trusted cert's SHA1, and added debug output to test > > src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line > 1491: > >> 1489: .append(checkWeakKey(key)); >> 1490: >> 1491: certStr.append("\n").append(tab).append("["); > > It's a little strange to leave the other half of the bracket > (`certStr.append("]");` on line 1568) outside the if-else block. Can you > please move it inside? Of course you will have to duplicate them. I'd prefer to keep it as is instead of duplicating the code in several places inside if block and else block. - PR: https://git.openjdk.java.net/jdk/pull/2042
Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in signer’s cert chain [v2]
On Wed, 13 Jan 2021 20:26:17 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> No warning for trusted cert's SHA1, and added debug output to test > > Marked as reviewed by mullan (Reviewer). Thanks for the review, Max. The comment about trusted cert's sigalg checking has been removed. - PR: https://git.openjdk.java.net/jdk/pull/2042