Details
-
Type:
Enhancement
-
Status: Open
-
Priority:
P2
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: security-libs
-
Labels:None
-
Subcomponent:
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8154574 | 8-pool | Sean Coffey | P3 | Closed | Not an Issue | |
| JDK-8154575 | 7-pool | Sean Coffey | P3 | Closed | Not an Issue | |
| JDK-8154576 | 6-pool | Sean Coffey | P3 | Closed | Not an Issue |
Description
One of the features we are missing is a way to mark and edit trust settings on trust anchors, or root CA certificates. For example, a root CA may be trusted for SSL, S/MIME, or code signing. Browsers usually support this feature, as well as OS-specific keystores like keychain on OS X.
The work for this issue should also include enhancing the PKIX implementation to check the trust settings when validating chains. For example, a root that is only trusted for code signing should not be used to validate TLS certificates.
The work for this issue should also include enhancing the PKIX implementation to check the trust settings when validating chains. For example, a root that is only trusted for code signing should not be used to validate TLS certificates.
Attachments
Issue Links
- backported by
-
JDK-8154574 Add PKCS12 support for trust settings on root certificates
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- blocks
-
-
- Resolved
-
- relates to
-
-
- Resolved
-
-
-
- Resolved
-
(1 relates to)