7018897: CertPath validation cannot handle self-signed cert with bad KeyUsage

Summary: Remove KeyUsage checking for trust anchors Reviewed-by: mullan

7018897: CertPath validation cannot handle self-signed cert with bad KeyUsage
Summary: Remove KeyUsage checking for trust anchors Reviewed-by: mullan
99c4526f · xuelei · 44655d8d · 99c4526f
隐藏空白更改
内联并排

Showing with 0 addition and 7 deletion

src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java ...sun/security/provider/certpath/PKIXCertPathValidator.java +0 -7

未找到文件。
--- a/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
+++ b/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
@@ -231,13 +231,6 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
        AdaptableX509CertSelector issuerSelector =
                        new AdaptableX509CertSelector();

-        // check trusted certificate's key usage
-        boolean[] usages = trustedCert.getKeyUsage();
-        if (usages != null) {
-            usages[5] = true;    // keyCertSign
-            issuerSelector.setKeyUsage(usages);
-        }
-
        // check trusted certificate's subject
        issuerSelector.setSubject(firstCert.getIssuerX500Principal());