infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-05-25 13:04:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

7018897: CertPath validation cannot handle self-signed cert with bad KeyUsage

Browse Source 
Remove KeyUsage checking for trust anchors

Reviewed-by: mullan
This commit is contained in:
Xue-Lei Andrew Fan 2011-02-14 13:31:13 -08:00
parent 32b8c54ea3
commit ce7292003a
1 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
View File

@ -231,13 +231,6 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
AdaptableX509CertSelector issuerSelector =
new AdaptableX509CertSelector();
// check trusted certificate's key usage
boolean[] usages = trustedCert.getKeyUsage();
if (usages != null) {
usages[5] = true; // keyCertSign
issuerSelector.setKeyUsage(usages);
}
// check trusted certificate's subject
issuerSelector.setSubject(firstCert.getIssuerX500Principal());