Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-04-05 Thread Sean Mullan
On Mon, 27 Jan 2025 22:43:32 GMT, Tim Jacomb wrote:

>> ## The change
>>
>> Without this change intermediate certificates that don't have explicit trust settings are ignored, not added to the truststore.
>>
>> ## Reproducer
>>
>> See https://github.com/timja/openjdk-intermediate-ca-r

Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-04-02 Thread Sean Mullan
On Tue, 1 Apr 2025 16:13:55 GMT, Tim Jacomb wrote:

> > I am dubious that this is the right thing to do. There is a distinct difference between a certificate that is trusted and one that requires additional validation to determine if it is trusted. Blindly trusting self-signed certi

Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-04-02 Thread Tim Jacomb
On Tue, 1 Apr 2025 19:23:27 GMT, Sean Mullan wrote:

> We need to be really careful here. With this fix we are deciding at runtime that these intermediate certificates should be treated as `KeyStore.TrustedCertificateEntry` objects just because they validated ok, and without any interacti

Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-04-01 Thread Sean Mullan
On Mon, 27 Jan 2025 22:43:32 GMT, Tim Jacomb wrote:

>> ## The change
>>
>> Without this change intermediate certificates that don't have explicit trust settings are ignored, not added to the truststore.
>>
>> ## Reproducer
>>
>> See https://github.com/timja/openjdk-intermediate-ca-r

Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-04-01 Thread Bernd
On Mon, 27 Jan 2025 22:43:32 GMT, Tim Jacomb wrote:

>> ## The change
>>
>> Without this change intermediate certificates that don't have explicit trust settings are ignored, not added to the truststore.
>>
>> ## Reproducer
>>
>> See https://github.com/timja/openjdk-intermediate-ca-r

Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-04-01 Thread Alexey Bakhtin
On Tue, 1 Apr 2025 17:29:57 GMT, Sean Mullan wrote:

> > > I am dubious that this is the right thing to do. There is a distinct difference between a certificate that is trusted and one that requires additional validation to determine if it is trusted. Blindly trusting self-sig

Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-04-01 Thread Tim Jacomb
On Tue, 1 Apr 2025 15:25:45 GMT, Sean Mullan wrote:

> I am dubious that this is the right thing to do. There is a distinct difference between a certificate that is trusted and one that requires additional validation to determine if it is trusted. Blindly trusting self-signed certificates

Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-02-06 Thread Tim Jacomb
On Mon, 27 Jan 2025 22:43:32 GMT, Tim Jacomb wrote:

>> ## The change
>>
>> Without this change intermediate certificates that don't have explicit trust settings are ignored, not added to the truststore.
>>
>> ## Reproducer
>>
>> See https://github.com/timja/openjdk-intermediate-ca-r

Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-01-27 Thread Alexey Bakhtin
On Mon, 27 Jan 2025 22:43:32 GMT, Tim Jacomb wrote:

>> ## The change
>>
>> Without this change intermediate certificates that don't have explicit trust settings are ignored, not added to the truststore.
>>
>> ## Reproducer
>>
>> See https://github.com/timja/openjdk-intermediate-ca-r

Re: RFR: 8347067: Load certificates without explicit trust settings in KeyChainStore [v5]

2025-01-27 Thread Tim Jacomb
> ## The change
>
> Without this change intermediate certificates that don't have explicit trust settings are ignored, not added to the truststore.
>
> ## Reproducer
>
> See https://github.com/timja/openjdk-intermediate-ca-reproducer
>
> Without this change the reproducer fails, and wit