Hi John,
Looks good to me. Thanks for taking care of this!
I'm glad to see the binary files go away :-)
Would it be possible to include a comment in Cert.java that contains
the command you used to generate the certificates?
That will be a great help to future maintainers if the certificates
ever needs to be re-generated (e.g. to update the expiry date
etc...)
best regards,
-- daniel
Disclaimer: I am not an expert in ssl/security
On 07/02/2020 10:51, sha.ji...@oracle.com wrote:
Hi,
java/net/httpclient/ssltest/CertificateTest.java shouldn't use a
specific TLS version.
And it would be better not to use binary key store files.
Since DSA is not supported by TLSv1.3, this fix also updates the
certificates to use RSA.
Webrev: http://cr.openjdk.java.net/~jjiang/8238677/webrev.00/
Issue: https://bugs.openjdk.java.net/browse/JDK-8238677
Best regards,
John Jiang
