Hi Artem Change looks fine, but you can add a comment in keytool/Main on why you want to set that security property.
BTW, you mentioned keytool -printcert -sslserver the other time. Is there any strange thing happening if the SSL server is using weak cert/cipher? Thanks Max > On Nov 8, 2016, at 9:59 AM, Artem Smotrakov <artem.smotra...@oracle.com> > wrote: > > Sean, Max, > > Please take a look at http://cr.openjdk.java.net/~asmotrak/8168882/webrev.03/ > > It doesn't print a warning anymore, and reset the security property only if > -jarfile specified. I also updated a couple of tests to check if "-printcert" > works fine. > > Artem > > > On 11/03/2016 05:47 PM, Artem Smotrakov wrote: >> Thank you for review Sean. >> >> I'll remove the warning then. And I'll update it to reset the security >> property only if a jar file has been specified. >> >> Let me also check how "-printcert -file ..." and "-printcert -sslserver" >> work. >> >> Artem >> >> >> On 11/03/2016 07:27 AM, Wang Weijun wrote: >>> I agree with Sean. >>> >>> --Max >>> >>>> On Nov 3, 2016, at 10:00 PM, Sean Mullan <sean.mul...@oracle.com> wrote: >>>> >>>> You should only unset the jdk.jar.disabledAlgorithms property if a jarfile >>>> has been specified. >>>> >>>> Also, you are printing the warning message for all usages of the >>>> -printcert option, -ssl, etc, which is not correct. >>>> >>>> But I don't really think the warning message is necessary. The docs for >>>> the -printcert option are pretty clear that it simply extracts the >>>> certificate and prints it. If we are going to put a warning in for signed >>>> JARs, then arguably we should put in a more general, simple warning in for >>>> all usages of this option to say that the certificate, etc is not >>>> verified, ex: >>>> >>>> "WARNING: The -printcert option does not verify the certificate." >>>> >>>> But again, I don't think this is strictly necessary. >>>> >>>> Thanks, >>>> Sean >> >
