code review request: 7099399: cannot deal with CRL file larger than 16MB

Weijun Wang weijun.wang at oracle.com
Tue Oct 11 01:05:29 UTC 2011


Webrev at http://cr.openjdk.java.net/~weijun/7099399/webrev.00/

Basically, we're now accepting X.509 block of 4-octets length. For 
simplicity, the highest byte must be <= 127, so that the length can be 
expressed with a 32-bit int.

Thanks
Max


-------- Original Message --------
*Change Request ID*: 7099399
*Synopsis*: cannot deal with CRL file larger than 16MB

   Product: java
   Category: java
   Subcategory: classes_security
   Type: Defect

=== *Description* 
============================================================
The X.509 impl of CertificateFactory only parses X.509 blocks smaller 
than 16MB, i.e. when the length can be encoded in 3 octets. Now we have 
a customer whose CRL file is as big as 30MB.




More information about the security-dev mailing list