Hi Max,

Sure, I'll add a comment which explains why keytool resets that security property.

I didn't notice any strange thing happening if the SSL server uses weak algorithms. Please see the updated PrintSSL.java, which now uses MD5withRSA.

Artem


On 11/07/2016 06:45 PM, Wang Weijun wrote:
Hi Artem

Change looks fine, but you can add a comment in keytool/Main on why you want to 
set that security property.

BTW, you mentioned keytool -printcert -sslserver the other time. Is there any 
strange thing happening if the SSL server is using weak cert/cipher?

Thanks
Max

On Nov 8, 2016, at 9:59 AM, Artem Smotrakov <artem.smotra...@oracle.com> wrote:

Sean, Max,

Please take a look at http://cr.openjdk.java.net/~asmotrak/8168882/webrev.03/

It doesn't print a warning anymore, and resets the security property only if -jarfile 
is specified. I also updated a couple of tests to check if "-printcert" works fine.

Artem


On 11/03/2016 05:47 PM, Artem Smotrakov wrote:
Thank you for the review, Sean.

I'll remove the warning then. And I'll update it to reset the security property 
only if a jar file has been specified.

Let me also check how "-printcert -file ..." and "-printcert -sslserver" work.

Artem


On 11/03/2016 07:27 AM, Wang Weijun wrote:
I agree with Sean.

--Max

On Nov 3, 2016, at 10:00 PM, Sean Mullan <sean.mul...@oracle.com> wrote:

You should only unset the jdk.jar.disabledAlgorithms property if a jarfile has 
been specified.

Also, you are printing the warning message for all usages of the -printcert 
option, -ssl, etc, which is not correct.

But I don't really think the warning message is necessary. The docs for the 
-printcert option are pretty clear that it simply extracts the certificate and 
prints it. If we are going to put a warning in for signed JARs, then arguably 
we should put in a more general, simple warning for all usages of this 
option to say that the certificate, etc. is not verified, ex:

"WARNING: The -printcert option does not verify the certificate."

But again, I don't think this is strictly necessary.

Thanks,
Sean
