-
Enhancement
-
Resolution: Fixed
-
P4
-
None
-
generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8220725 | 13 | Raymond Gallardo | P4 | Resolved | Fixed |
From the submitter:
I believe it would be a useful enhancement request to be able to
configure the TrustManager to take account of the validity dates of the
trust anchor. Does the Oracle security team have any objections to me
taking the information in this report and submitting an enhancement
request to that effect?
Analysis:
We should avoid adding non-standard hooks into the
implementation since the API (at least for this case) is
flexible enough to do this themselves w/o too much effort.
In that case documenting the case should address anyone else who has the same issue. The JSSE Reference Guide is likely the best place.
Create a PKIXBuilderParameters object with a filtered Set of TrustAnchors (i.e. write a small amount of code that checks for and removes any that are expired) and encapsulate that in a CertPathTrustParameters object which would then be passed into the TrustManagerFactory.init method.
I believe it would be a useful enhancement request to be able to
configure the TrustManager to take account of the validity dates of the
trust anchor. Does the Oracle security team have any objections to me
taking the information in this report and submitting an enhancement
request to that effect?
Analysis:
We should avoid adding non-standard hooks into the
implementation since the API (at least for this case) is
flexible enough to do this themselves w/o too much effort.
In that case documenting the case should address anyone else who has the same issue. The JSSE Reference Guide is likely the best place.
Create a PKIXBuilderParameters object with a filtered Set of TrustAnchors (i.e. write a small amount of code that checks for and removes any that are expired) and encapsulate that in a CertPathTrustParameters object which would then be passed into the TrustManagerFactory.init method.
- backported by
-
JDK-8220725 Add example to show how to have TrustManager take the validity dates of trust anchors into account
-
- Resolved
-