Re: RFR 8191438: jarsigner should print when a timestamp will expire

> On Dec 14, 2017, at 5:18 AM, Sean Mullan wrote: > > Looks good, but just to confirm something -- when verifying, if the signer's > certificate chain is still valid and unexpired, then an expired or invalid > timestamp or chain should not be an error. Essentially, the validation of the > ti

Re: RFR 8191438: jarsigner should print when a timestamp will expire

Looks good, but just to confirm something -- when verifying, if the signer's certificate chain is still valid and unexpired, then an expired or invalid timestamp or chain should not be an error. Essentially, the validation of the timestamp should only be done when the signer's certificate chain

Re: [8u-dev] Request to Review and for Approval to Backport : 8193156: Need to backout fixes for JDK-8058547, JDK-8055753, JDK-8085903

Thank you Sean for review! On 12/13/17 11:00 AM, Sean Mullan wrote: Looks fine to me. --Sean On 12/13/17 1:02 PM, Ivan Gerasimov wrote: Ping! The patch is the anti-delta of the fixes, so we're just reverting to what we used to have prior these fixes. Would you please help review this and

Re: [8u-dev] Request to Review and for Approval to Backport : 8193156: Need to backout fixes for JDK-8058547, JDK-8055753, JDK-8085903

Looks fine to me. --Sean On 12/13/17 1:02 PM, Ivan Gerasimov wrote: Ping! The patch is the anti-delta of the fixes, so we're just reverting to what we used to have prior these fixes. Would you please help review this and approve the backport? With kind regards, Ivan On 12/11/17 9:30 AM,

Re: [8u-dev] Request to Review and for Approval to Backport : 8193156: Need to backout fixes for JDK-8058547, JDK-8055753, JDK-8085903

Ping! The patch is the anti-delta of the fixes, so we're just reverting to what we used to have prior these fixes. Would you please help review this and approve the backport? With kind regards, Ivan On 12/11/17 9:30 AM, Ivan Gerasimov wrote: Hello! I'm seeking an approval to backport thi

Re: RFR 8192988: keytool should support -storepasswd for pkcs12 keystores

> On Dec 13, 2017, at 11:36 PM, Sean Mullan wrote: > > It looks like you converted p12importks.sh from shell code to java in > JKStoPKCS12.java, right? Yes, and modified a little. > I think you should still include 8010125 in the @bug label in > JKStoPKCS12.java though. OK. > > Otherwise

Re: RFR 8192988: keytool should support -storepasswd for pkcs12 keystores

It looks like you converted p12importks.sh from shell code to java in JKStoPKCS12.java, right? I think you should still include 8010125 in the @bug label in JKStoPKCS12.java though. Otherwise, looks good, one question though: If you are converting a JKS keystore to a PKCS12 keystore using keyt

RFR 8191438: jarsigner should print when a timestamp will expire

All suggestions accepted. Here is an updated webrev. http://cr.openjdk.java.net/~weijun/8191438/webrev.01/ New test cases added. Other changes are: 1. noTimestamp == true at signing side means no TSA or timestamping failed. 2. New method certsAndTSInfo() used by both signing and verification