[7u] Request for approval for two PKI bug fixes: 8011867 and 8011745
Weijun Wang
weijun.wang at oracle.com
Mon Apr 15 01:44:18 PDT 2013
Hi Sean
I don't think this is a spec change. There is no such low-level spec on
what kinds of PKCS #9 attribute or CertificateChoices we should support.
The data structures themselves were defined long time ago (RFC 2630 on
1999, RFC 2985 on 2000) before JDK 7.
Yes, there will be behavior change but since both code changes are about
accepting formerly-unknown data types, we will only see less exception
than before. The main reason I want to fix these 2 bugs is because our
own jarsigner tool fails on modern TSA servers.
All related api/java_security JCK tests pass, according to the
jck_runtime results reported by SQE's nightly runs on jdk8/tl builds.
Thanks
Weijun
On 4/15/13 3:52 PM, Seán Coffey wrote:
> Weijun,
>
> would you regard this fix as a spec change for an update release ? Do
> docs specify what PKI related data types the JDK supports anywhere ? I'm
> just wondering if this could introduce an unexpected behavioural change
> for some applications. Have all related TCK tests been run ?
>
> regards,
> Sean.
>
> On 15/04/2013 03:11, Weijun Wang wrote:
>> Hi All
>>
>> This is a request to backport 2 jdk8 fixes into jdk7u.
>>
>> 8011867: Accept unknown PKCS #9 attributes
>>
>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8011867
>>
>> 8011745: Unknown CertificateChoices
>>
>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8011745
>>
>> Both bugs are about parsing PKI-related data. Previously unsupported
>> data types are now either supported or ignored without throw an
>> exception.
>>
>> The fix is already included in jdk8 as:
>>
>> http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0ab22e58d151
>> http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1c3fff140324
>>
>> Both reviewed by vinnie. The patch for jdk7uXXX is identical to the
>> one in jdk8.
>>
>> Thanks
>> Weijun
>
More information about the jdk7u-dev
mailing list