- Enhancement
- Resolution: Unresolved
- P4
- None
- None
- Fix Understood
The SunX509 key manager should support the same certificate checks that are supported by the PKIX key manager.
Effectively, there should be only two differences between the two key managers:
- PKIX supports multiple key stores through the KeyStore.Builder interface, while SunX509 supports only a single keystore.
- SunX509 caches its whole key store on initialization, thus improving performance. This means that subsequent modifications of the KeyStore have no effect on the SunX509 KM, unlike PKIX.
- csr for
- JDK-8360289 Support algorithm constraints and certificate checks in SunX509 key manager
- Draft
- duplicates
- JDK-8353113 Peer supported certificate signature algorithms are not being checked with default SunX509 key manager
- Closed
- JDK-8272875 Change the default key manager to PKIX
- Closed
- JDK-8170706 Support algorithm constraints in SunX509 key manager
- Closed
- JDK-8359069 Support certificate checks in SunX509 key manager
- Closed
- links to
- Review(master) openjdk/jdk/25016