On 4/15/20 8:28 AM, Weijun Wang wrote:

On Apr 9, 2020, at 3:46 AM, Sean Mullan <sean.mul...@oracle.com> wrote:

On 4/6/20 11:11 PM, Weijun Wang wrote:
Please review the fix at
    http://cr.openjdk.java.net/~weijun/8242184/webrev.00/
The major change is inside X509CRLImpl.java to allow params setting and reading.
I also take this chance to:
1. Provide a default -sigalg for "keytool -genkeypair -keyalg rsassa-pss".

I think you should file a CSR for that, since it is a new default, and the 
default varies based on the size of the key. You should also update the keytool 
man page section on defaults.

I've filed a CSR at https://bugs.openjdk.java.net/browse/JDK-8242812. Please 
review it.

In the Problem section, you might want to mention what the current behavior of keytool is right now if you use an RSASSA-PSS key and you don't specify -sigalg.

Otherwise, looks good.

--Sean


Here, actually, when the key is RSASSA-PSS, the default signature is simply 
RSASSA-PSS, and its parameters are taken from the key itself and are not 
related to the key size.

Thanks,
Max


--Sean

2. Revert a former change in X509CertImpl.java, which might be a safer call.
Thanks,
Max
