AVA.toString() result depends on debug flag

Sean Mullan sean.mullan at oracle.com
Mon Sep 19 08:19:31 PDT 2011

On 09/16/2011 02:32 AM, Weijun Wang wrote:
> In sun.security.x509.AVA, there are 3 places where
> } else if (debug != null && Debug.isOn("ava")) {
> is checked. If it's true, string representations of an AVA object uses
> \HEX dump for non-printable characters. This is nice for debugging
> purposes, but the output of a method depending on a debug flag is really
> not a good idea.
> The logic was introduced by Charlie in fix for 4505980.
> I suggest we always use \HEX.

Unless I'm misunderstanding, we should not do that, as this would change 
the format of characters in UTF8 DN Strings returned by 
X500Principal.getName and could cause compatibility issues. Any 
character not a DerValue.isPrintableStringChar would be emitted as hex 
instead of UTF8.


More information about the security-dev mailing list