-
Bug
-
Resolution: Unresolved
-
P4
-
17, 21, 25, 26
-
None
src/java.base/share/conf/security/java.security
===
# CAConstraint:
# jdkCA
# This constraint prohibits the specified algorithm only if the
# algorithm is used in a certificate chain that terminates at a marked
# trust anchor in the lib/security/cacerts keystore. If the jdkCA
# constraint is not set, then all chains using the specified algorithm
# are restricted. jdkCA may only be used once in a DisabledAlgorithm
# expression.
===
the lib/security/cacerts file may not exist in some JDK distributions. For some applications, no use of cacerts is made and the store pointed to by the "javax.net.ssl.trustStore" system property is used. I think it might be good to update the doc with respect to this.
===
# CAConstraint:
# jdkCA
# This constraint prohibits the specified algorithm only if the
# algorithm is used in a certificate chain that terminates at a marked
# trust anchor in the lib/security/cacerts keystore. If the jdkCA
# constraint is not set, then all chains using the specified algorithm
# are restricted. jdkCA may only be used once in a DisabledAlgorithm
# expression.
===
the lib/security/cacerts file may not exist in some JDK distributions. For some applications, no use of cacerts is made and the store pointed to by the "javax.net.ssl.trustStore" system property is used. I think it might be good to update the doc with respect to this.
- relates to
-
JDK-8154005 Add algorithm constraint that specifies the restriction date
-
- Closed
-