Re: RFR [12]: 8195793: Remove GTE CyberTrust Global Root

Looks good to me! Thanks, Rajan On 10/18/18 8:04 AM, Sean Mullan wrote: Please review this change to remove the GTE CyberTrust Global Root from the cacerts keystore. This root is expired and all certificates that chain back to this root have expired. Note that retaining roots past their expi

Upgrade to RSAKeyGenParameterSpec.F4 for RSA Keypair generation test?

Hi, Security developers, We can’t pass the following test on our platform for OpenJDK8. Test: http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/4a782529d712/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java#l106 Error Message: Generating 512 bit keypair... STDERR: java.security.ProviderEx

Re: RFR 6913047: SunPKCS11 memory leak

Hi Valerie, Thanks for your feedback. I suggest to keep only one hierarchy of webrevs, so I'll continue in Webrev.12 using your Webrev.02 as a base. In general, I'm happy with your P11Key refactorings and with keeping the previous reference inc/dec scheme on P11key clients side. I'll go file-by

RFR [12]: 8195793: Remove GTE CyberTrust Global Root

Please review this change to remove the GTE CyberTrust Global Root from the cacerts keystore. This root is expired and all certificates that chain back to this root have expired. Note that retaining roots past their expiration date may make sense in some cases. For example, if we removed a roo