changeset 3739:44c99f30f9df

7018897: CertPath validation cannot handle self-signed cert with bad KeyUsage Summary: Remove KeyUsage checking for trust anchors Reviewed-by: mullan
author xuelei
date Mon, 14 Feb 2011 13:31:13 -0800
parents 338c5b815ff2
children 9024288330c4
files src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
diffstat 1 files changed, 0 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java	Mon Feb 14 11:00:02 2011 -0800
+++ b/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java	Mon Feb 14 13:31:13 2011 -0800
@@ -231,13 +231,6 @@
         AdaptableX509CertSelector issuerSelector =
                         new AdaptableX509CertSelector();
 
-        // check trusted certificate's key usage
-        boolean[] usages = trustedCert.getKeyUsage();
-        if (usages != null) {
-            usages[5] = true;    // keyCertSign
-            issuerSelector.setKeyUsage(usages);
-        }
-
         // check trusted certificate's subject
         issuerSelector.setSubject(firstCert.getIssuerX500Principal());