The tracing statements output by java.security.debug=certpath should be improved to use more informative messaging. Recent case demonstrates the need to improve message. Examples are : * Not pointing out where a link was broken while building a PKIX cert path * Vague messages like : certpath: X509CertSelector.match: maxPathLen too small (-1 < 1) * Failing to clearly notify user which cert was not trusted or failing to indicate what cert was missing (being searched for)
|