Looks fine to me. Xuelei
On 11/10/2015 10:57 PM, Sean Mullan wrote:
Please review this fix for a regression that removes the requirement that a certificate's Authority Key Identifier must match the issuing certificate's Subject Key Identifier when building a certificate chain. The certificate chain validation algorithm in RFC 5280 does not require that the AKID/SKID match. I have moved the AKID/SKID match into the sorting criteria for building paths. If they match, it will try that certificate first, but it will also fallback and search other paths. A new test has been added to the closed area since it depends on certificates contributed by the submitter. webrev: http://cr.openjdk.java.net/~mullan/webrevs/8072463/webrev.00/ --Sean
