Looks fine. --Sean
On 02/17/2016 10:24 AM, Xuelei Fan wrote:
Hi Sean, Thanks for the review. I find a new bug in KeyUtil.java, plan to fix in the same update. Please review the KeyUtil update: http://cr.openjdk.java.net/~xuelei/8139565/webrev.02/ The DSA parameter may not present in a X.509 certificate. The return value of DSAKey.getParams() may be null. This special case now is considered in the KeyUtil implementation. Thanks, Xuelei On 2/17/2016 4:22 AM, Sean Mullan wrote:Looks good. --Sean On 02/16/2016 12:16 AM, Xuelei Fan wrote:Added a new regression test: http://cr.openjdk.java.net/~xuelei/8139565/webrev.01/ Thanks, Xuelei On 2/15/2016 8:23 AM, Xuelei Fan wrote:Hi, Please review this security crypto constraints update: http://cr.openjdk.java.net/~xuelei/8139565/webrev.00/ This fix updates the java security property, "jdk.certpath.disabledAlgorithms", to restrict the use of certificates with DSA keys less than 1024 bits in certification path processing. Applications can update this restriction in the security property ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if really needed (for example, "DSA keySize < 768"). Thanks, Xuelei
