[security-dev 00588]: Code review request: Accepting OpenSSL-style cert

Max (Weijun) Wang Weijun.Wang at Sun.COM
Fri Feb 20 11:06:18 UTC 2009


Hi Vinnie

I've forward-ported the OpenSSL-style cert fix to JDK 7, updated an
existing test[1], and added a new regression test. Can you please
review it? The diff of X509Factory.java is identical to the one I showed
you last month.

Synopsis: keytool can be more flexible on format of PEM-encoded X.509  
certificates
      Bug: http://bugs.sun.com/view_bug.do?bug_id=6535697
      Fix: http://hgrev.appspot.com/show?id=3102

Thanks
Max

[1] Before the code update, BadX509CertData.java tries to parse an
arbitrary byte array as a DER (since there's no "-----BEGIN" there),
and it expects CertificateParsingException to be thrown. After the update,
it tries to parse it as a PEM (since there's no SEQUENCE 0x30 tag),
and this time CertificateException is thrown. Anyway, the test shows
the byte array as a "bad" cert.
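Added example, not part of the original message and not the JDK's X509Factory code: a sketch of the two format-detection rules footnote [1] describes, plus a tolerant PEM extractor. The class and method names are hypothetical, the inputs are constructed, and treating "OpenSSL-style" as human-readable text preceding the BEGIN line is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CertFormatSniff {
    static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    static final String END = "-----END CERTIFICATE-----";

    // Rule before the update (per footnote [1]): PEM only if "-----BEGIN" is present.
    static String classifyBefore(byte[] in) {
        String s = new String(in, StandardCharsets.ISO_8859_1);
        return s.contains("-----BEGIN") ? "PEM" : "DER";
    }

    // Rule after the update (per footnote [1]): DER only if the first byte is
    // the SEQUENCE tag 0x30; everything else goes down the PEM path.
    static String classifyAfter(byte[] in) {
        return (in.length > 0 && in[0] == 0x30) ? "DER" : "PEM";
    }

    // Tolerant PEM extraction (assumed behaviour for this sketch): ignore any
    // text before the BEGIN line, decode the body, require a DER SEQUENCE.
    static byte[] extractDer(byte[] in) {
        String s = new String(in, StandardCharsets.ISO_8859_1);
        int b = s.indexOf(BEGIN);
        if (b < 0) throw new IllegalArgumentException("no BEGIN CERTIFICATE line");
        int e = s.indexOf(END, b + BEGIN.length());
        if (e < 0) throw new IllegalArgumentException("no END CERTIFICATE line");
        // The MIME decoder skips line breaks inside the base64 body.
        byte[] der = Base64.getMimeDecoder().decode(s.substring(b + BEGIN.length(), e));
        if (der.length == 0 || der[0] != 0x30)
            throw new IllegalArgumentException("payload is not a DER SEQUENCE");
        return der;
    }

    public static void main(String[] args) {
        // Constructed input: arbitrary bytes, neither PEM nor DER.
        byte[] junk = {0x01, 0x02, 0x03};
        System.out.println(classifyBefore(junk) + " -> " + classifyAfter(junk));
        try {
            extractDer(junk);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
        // Constructed input: text dump followed by a PEM block. The body is
        // base64 of 30 03 02 01 01 (a SEQUENCE holding INTEGER 1), not a real cert.
        byte[] withText = ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
                + BEGIN + "\nMAMCAQE=\n" + END + "\n").getBytes(StandardCharsets.ISO_8859_1);
        System.out.println(classifyAfter(withText) + ", DER bytes: " + extractDer(withText).length);
    }
}
```

Because the exception type depends on which parsing path the input takes, a caller that must reject bad input under either rule should catch CertificateException, the superclass of CertificateParsingException.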


