On Wed, 12 Jan 2022 02:15:45 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` > class when performing algorithm constraints checks. This change is to enhance > `keytool` to make use of the new methods > `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` > and `checkKey` parameters. For the keyusage in the EE certificate of a > certificate chains, set the variant accordingly when calling > `CertPathConstraintsParameters` constructor. This pull request has now been integrated. Changeset: c2ee1b33 Author: Hai-May Chao <hc...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/c2ee1b33c37e6f2848dc8b3e5417b93b1dac1112 Stats: 432 lines in 3 files changed: 377 ins; 0 del; 55 mod 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints Reviewed-by: mullan ------------- PR: https://git.openjdk.java.net/jdk/pull/7039
