[security-dev 00945]: code review request 6852744: PIT b61: PKI test suite fails because self signed certificates are being rejected

Xuelei Fan Xuelei.Fan at Sun.COM
Thu Jul 2 09:04:37 UTC 2009


Hi,

bug description: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6852744
webrev: http://cr.openjdk.java.net/~xuelei/6852744/webrev/

Evaluation of the bug:
1. There is a loop in the forward builder for self-issued intermediate
certificates.
   The ForwardBuilder looks for the next certificate based on
IssuerDN/SubjectDN. However, a self-issued certificate has the same
IssuerDN and SubjectDN, so the lookup will loop on the self-issued
certificate until the loop is detected.

2. Circular dependencies
   In the PIT tests, the validity of the intermediate CA certificate
(oldCA) depends on the CRL; the validity of the CRL depends on its issuer,
the self-issued intermediate CA certificate (newWithOldCA); the validity of
newWithOldCA depends on its issuer, the oldCA, and here comes a dead loop.

Thanks,
Xuelei
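
The two conditions described in the message above, as an added Python model; it is not part of the original message and is not the OpenJDK ForwardBuilder code. The DN values, the end-entity certificate, the assumption that oldCA is issued by a root, and the store ordering are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    name: str
    subject: str   # SubjectDN
    issuer: str    # IssuerDN

def forward_build(path, store, anchor_dn, loops):
    """Depth-first forward build using DN-only matching (a model, not JDK code).
    Every candidate rejected because it is already on the path is recorded in loops."""
    current = path[-1]
    if current.issuer == anchor_dn:
        return path
    for cand in store:
        if cand.subject != current.issuer:
            continue                      # SubjectDN must equal the wanted IssuerDN
        if cand in path:
            loops.append(cand.name)       # loop detected: same certificate selected again
            continue
        found = forward_build(path + [cand], store, anchor_dn, loops)
        if found:
            return found
    return None

def find_cycle(depends_on, start):
    """Follow 'validity depends on' edges; return the cycle as a list, or None."""
    seen, node = [], start
    while node is not None:
        if node in seen:
            return seen[seen.index(node):] + [node]
        seen.append(node)
        node = depends_on.get(node)
    return None

# Constructed sample data (hypothetical DNs and store ordering).
ROOT_DN, CA_DN = "CN=Root", "CN=CA"
old_ca = Cert("oldCA", CA_DN, ROOT_DN)             # assumed to be issued by a root
new_with_old = Cert("newWithOldCA", CA_DN, CA_DN)  # self-issued: IssuerDN == SubjectDN
end_entity = Cert("EE", "CN=EE", CA_DN)
STORE = [new_with_old, old_ca]

# Dependency chain from item 2: oldCA -> CRL -> newWithOldCA -> oldCA.
DEPENDS_ON = {"oldCA": "CRL", "CRL": "newWithOldCA", "newWithOldCA": "oldCA"}

def demo_loop():
    loops = []
    path = forward_build([end_entity], STORE, ROOT_DN, loops)
    return [c.name for c in path], loops

if __name__ == "__main__":
    print(demo_loop())
    print(find_cycle(DEPENDS_ON, "oldCA"))
```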


