Hi Sean,

Thanks for the review.

I found a new bug in KeyUtil.java, and plan to fix it in the same update. Please review the KeyUtil update:

http://cr.openjdk.java.net/~xuelei/8139565/webrev.02/

The DSA parameter may not be present in an X.509 certificate. The return value of DSAKey.getParams() may be null. This special case now is considered in the KeyUtil implementation.

Thanks,
Xuelei

On 2/17/2016 4:22 AM, Sean Mullan wrote:
> Looks good.
>
> --Sean
>
> On 02/16/2016 12:16 AM, Xuelei Fan wrote:
>> Added a new regression test:
>>
>> http://cr.openjdk.java.net/~xuelei/8139565/webrev.01/
>>
>> Thanks,
>> Xuelei
>>
>> On 2/15/2016 8:23 AM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> Please review this security crypto constraints update:
>>>
>>> http://cr.openjdk.java.net/~xuelei/8139565/webrev.00/
>>>
>>> This fix updates the java security property,
>>> "jdk.certpath.disabledAlgorithms", to restrict the use of certificates
>>> with DSA keys less than 1024 bits in certification path processing.
>>> Applications can update this restriction in the security property
>>> ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if
>>> really needed (for example, "DSA keySize < 768").
>>>
>>> Thanks,
>>> Xuelei
>>>
>>
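
The null-parameter case discussed in this thread, as an added example that is not part of the original messages and is not the JDK's KeyUtil code. The class `DsaKeySizeCheck`, the helpers `dsaKeySize` and `evaluate`, and the choice to report a missing size as -1 are assumptions made for illustration; the parameterless key is constructed inline.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.DSAKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;

public class DsaKeySizeCheck {
    // Hypothetical helper: bit length of p, or -1 when the key carries no parameters.
    static int dsaKeySize(PublicKey key) {
        if (!(key instanceof DSAKey)) {
            throw new IllegalArgumentException("not a DSA key");
        }
        DSAParams params = ((DSAKey) key).getParams(); // may be null
        return (params != null) ? params.getP().bitLength() : -1;
    }

    // Hypothetical evaluation of a "DSA keySize < minBits" style constraint.
    // An unknown size is reported separately so the caller decides the policy.
    static String evaluate(PublicKey key, int minBits) {
        int size = dsaKeySize(key);
        if (size < 0) {
            return "UNKNOWN (no DSA parameters in key)";
        }
        return (size < minBits ? "DISABLED" : "PERMITTED") + " (" + size + " bits)";
    }

    public static void main(String[] args) throws Exception {
        // Current value of the security property named in the thread.
        System.out.println("jdk.certpath.disabledAlgorithms = "
                + Security.getProperty("jdk.certpath.disabledAlgorithms"));

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(1024);
        PublicKey full = kpg.generateKeyPair().getPublic();

        // Constructed key whose getParams() returns null, standing in for a
        // certificate key that does not carry its DSA parameters.
        DSAPublicKey bare = new DSAPublicKey() {
            public BigInteger getY() { return BigInteger.ONE; }
            public DSAParams getParams() { return null; }
            public String getAlgorithm() { return "DSA"; }
            public String getFormat() { return null; }
            public byte[] getEncoded() { return null; }
        };

        System.out.println("generated key: " + evaluate(full, 1024));
        System.out.println("bare key:      " + evaluate(bare, 1024));
    }
}
```

A size check that dereferences `getParams()` without the null test throws `NullPointerException` on the second key instead of producing a result.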