Details
- Type: Enhancement
- Status: Resolved
- Priority: P2
- Resolution: Future Project
- Affects Version/s: None
- Fix Version/s: 10
- Component/s: security-libs
- Labels:
- Subcomponent:
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8154574 | 8-pool | Sean Coffey | P3 | Closed | Not an Issue | |
JDK-8154575 | 7-pool | Sean Coffey | P3 | Closed | Not an Issue | |
JDK-8154576 | 6-pool | Sean Coffey | P3 | Closed | Not an Issue | |
Description
One of the features we are missing is a way to mark and edit trust settings on trust anchors, or root CA certificates. For example, a root CA may be trusted for SSL, S/MIME, or code signing. Browsers usually support this feature, as well as OS-specific keystores like keychain on OS X.
The work for this issue should also include enhancing the PKIX implementation to check the trust settings when validating chains. For example, a root that is only trusted for code signing should not be used to validate TLS certificates.
Issue Links
- blocks
  - JDK-8154200 Add support for attributes for the cacerts keystore
- relates to
  - JDK-8162628 Investigate migrating cacerts keystore to PKCS12 format