From 99c4526f1070f0a9d4ef8436c5ca2b30c58a5bc6 Mon Sep 17 00:00:00 2001
From: xuelei
Date: Mon, 14 Feb 2011 13:31:13 -0800
Subject: [PATCH] 7018897: CertPath validation cannot handle self-signed cert with bad KeyUsage

Summary: Remove KeyUsage checking for trust anchors
Reviewed-by: mullan
---
 .../security/provider/certpath/PKIXCertPathValidator.java | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java b/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
index a4f83c87b..63989de46 100644
--- a/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
+++ b/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
@@ -231,13 +231,6 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
 AdaptableX509CertSelector issuerSelector =
 new AdaptableX509CertSelector();
 
- // check trusted certificate's key usage
- boolean[] usages = trustedCert.getKeyUsage();
- if (usages != null) {
- usages[5] = true; // keyCertSign
- issuerSelector.setKeyUsage(usages);
- }
-
 // check trusted certificate's subject
 issuerSelector.setSubject(firstCert.getIssuerX500Principal());
 
-- 
GitLab