[security-dev 00589]: Re: Code review request: Accepting OpenSSL-style cert

Vincent Ryan Vincent.Ryan at Sun.COM
Fri Feb 20 12:03:42 UTC 2009


Your fix looks good, Max.

Max (Weijun) Wang wrote:
> Hi Vinnie
> 
> I've forward-ported the OpenSSL-style cert fix to JDK 7, updated an
> existing test[1], and added a new regression test. Can you please take a
> review? The diff of X509Factory.java is identical to the one I showed
> you last month.
> 
> Synopsis: keytool can be more flexible on format of PEM-encoded X.509
> certificates
>      Bug: http://bugs.sun.com/view_bug.do?bug_id=6535697
>      Fix: http://hgrev.appspot.com/show?id=3102
> 
> Thanks
> Max
> 
> [1] Before the code update, BadX509CertData.java tries to parse an
> arbitrary byte array as a DER (since there's no "-----BEGIN" there), and
> it expects CertificateParsingException to be thrown. After the update, it
> tries to parse it as a PEM (since there's no SEQUENCE 0x30 tag), and
> this time CertificateException is thrown. Anyway, the test shows the
> byte array as a "bad" cert.
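
The sniffing rule described in footnote [1] (input without a leading SEQUENCE tag 0x30 is treated as PEM), as an added example that is not part of the original thread and not the JDK's X509Factory code. The class `CertFormatSniffer`, the helper `toDer`, and the sample bytes are constructed for illustration; skipping any text before the BEGIN line is this example's own choice.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;

// Added illustration of the DER-vs-PEM sniffing rule; not the JDK's X509Factory code.
public class CertFormatSniffer {
    static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    static final String END = "-----END CERTIFICATE-----";

    /** Returns DER bytes; input that does not start with 0x30 is decoded as PEM. */
    static byte[] toDer(byte[] in) throws CertificateException {
        // A DER certificate is an ASN.1 SEQUENCE, so its first byte is the tag 0x30.
        if (in.length > 0 && in[0] == 0x30) return in;
        String s = new String(in, StandardCharsets.ISO_8859_1);
        int b = s.indexOf(BEGIN);
        int e = (b < 0) ? -1 : s.indexOf(END, b + BEGIN.length());
        if (e < 0) throw new CertificateException("no SEQUENCE tag and no PEM block");
        try {
            // The MIME decoder ignores line breaks, so line length does not matter.
            return Base64.getMimeDecoder().decode(s.substring(b + BEGIN.length(), e));
        } catch (IllegalArgumentException ex) {
            throw new CertificateException("bad base64 in PEM body", ex);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: SEQUENCE { INTEGER 5 }, not a real certificate.
        byte[] der = {0x30, 0x03, 0x02, 0x01, 0x05};
        String pem = BEGIN + "\n" + Base64.getEncoder().encodeToString(der) + "\n" + END + "\n";
        byte[] junk = {0x01, 0x02, 0x03};

        System.out.println("DER passthrough bytes: " + toDer(der).length);
        System.out.println("PEM decoded bytes: "
            + toDer(pem.getBytes(StandardCharsets.US_ASCII)).length);
        try {
            toDer(junk);
        } catch (CertificateException ex) {
            System.out.println("sniffer rejected junk: " + ex.getMessage());
        }
        // With the real factory, catch the parent CertificateException: the subclass
        // thrown for bad input depends on which parsing path the input takes.
        try {
            CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(junk));
        } catch (CertificateException ex) {
            System.out.println("factory rejected junk: " + ex.getClass().getSimpleName());
        }
    }
}
```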


