Changeset: 045743e0eb2d
Author: xuelei
Date: 2009-06-04 11:28 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/045743e0eb2d
6847459: Allow trust anchor self-issued intermediate version 1 and version 2
certificate
Reviewed-by: weijun
! src/share/classes/sun/security/provider/ce
Florian Weimer wrote:
What does self-issued mean? Is it the same as self-signed? Wouldn't
it break the chain in that case?
Self-issued certificates are those certificates in which the subject and
issuer are the same entity. A self-signed certificate is a subtype of a
self-issued certificate
* Xuelei Fan:
>> One question: what's the version of the trust anchor in the failed test?
>> Is it v1?
> It is V1, and it issues a self-issued V1 certificate to renew the private
> key, so there is an intermediate V1 CA cert.
What does self-issued mean? Is it the same as self-signed? Wouldn't
it b
Xuelei Fan wrote:
>
>
> Weijun Wang wrote:
>> Maybe you can be even more strict: If the trust anchor (cert[0]) is
>> already v3, cert[1] must also be v3. Is this reasonable?
>>
>>
> Currently, the checker knows nothing about the trust anchor. If we
> support the above checking, we need to update
Weijun Wang wrote:
Maybe you can be even more strict: If the trust anchor (cert[0]) is
already v3, cert[1] must also be v3. Is this reasonable?
Currently, the checker knows nothing about the trust anchor. If we
support the above checking, we need to update the checker and let it know
the trust
Maybe you can be even more strict: If the trust anchor (cert[0]) is
already v3, cert[1] must also be v3. Is this reasonable?
Max
Xuelei Fan wrote:
>
>
> Weijun Wang wrote:
>> Xuelei Fan wrote:
>>
>>> Weijun Wang wrote:
>>>
+// We choose to reject all version 1 and version 2 inter
Weijun Wang wrote:
Xuelei Fan wrote:
Weijun Wang wrote:
+// We choose to reject all version 1 and version 2 intermediate
+// certificates except that it is self issued by the trust
+// anchor in order to support key rollover or changes in
+// certificate policies.
+
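Review bot: the exception clause in this comment, "except that it is self issued by the trust anchor", is loosely worded and does not say what makes an intermediate count as self-issued by the anchor. Suggest "except those that are self-issued by the trust anchor", plus a short statement of what the check compares to decide that, since the key rollover and policy-change justification only holds if that condition is exact.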