On Tue, 16 Nov 2021 19:36:11 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> There is no need to check for the KeyUsage extension when validating a TSA > certificate. > > A test is modified where a TSA cert has a KeyUsage but without the > DigitalSignature bit. src/java.base/share/classes/sun/security/validator/EndEntityChecker.java line 364: > 362: ValidatorException.T_EE_EXTENSIONS, cert); > 363: } > 364: Could you add a comment here just in case someone else adding the checking back? Otherwise, looks nice to me. ------------- PR: https://git.openjdk.java.net/jdk/pull/6416
