Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8074426

Add PKCS12 support for trust settings on root certificates

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P2
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:
      None

      Backports

        Description

        One of the features we are missing is a way to mark and edit trust settings on trust anchors, or root CA certificates. For example, a root CA may be trusted for SSL, S/MIME, or code signing. Browsers usually support this feature, as well as OS-specific keystores like keychain on OS X.

        The work for this issue should also include enhancing the PKIX implementation to check the trust settings when validating chains. For example, a root that is only trusted for code signing should not be used to validate TLS certificates.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                mullan Sean Mullan
                Reporter:
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated: