[7u] code review request: 8014805: NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension
Sean Mullan
sean.mullan at oracle.com
Mon Jun 24 15:24:41 UTC 2013
On 06/24/2013 10:38 AM, Vincent Ryan wrote:
> Hello all,
>
> The fix to handle Authority Key IDs also applies to Subject Key IDs so I've duplicated the changes:
> http://cr.openjdk.java.net/~vinnie/8014805/webrev.01
1211 subjectKeyId = id.getIdentifier();
Should "id" be "ki"?
Also, these 2 methods are not thread-safe, which could cause issues if
the same certificates are used in multiple threads. This is an existing
issue with the methods, but unless this is a demonstrable performance
issue, I think you should change them to not cache the
subject/authKeyIds and just generate them each time the methods are invoked.
--Sean
>
> Thanks.
>
>
> On 24 Jun 2013, at 12:42, Vincent Ryan wrote:
>
>> Thanks.
>>
>> On 22 Jun 2013, at 01:19, Xuelei Fan wrote:
>>
>>> Looks fine to me.
>>>
>>> Xuelei
>>>
>>> On 6/21/2013 11:46 PM, Vincent Ryan wrote:
>>>> Please review this fix for 7u:
>>>>
>>>> http://cr.openjdk.java.net/~vinnie/8014805/webrev.00/
>>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8014805
>>>>
>>>> It corrects the NPE that occurs when verifying an X.509 cert that has an Authority Key ID extension
>>>> present but it is not in the hash-based format.
>>>>
>>>> This problem does not occur in JDK 8.
>>>>
>>>> Thanks.
>>>>
>>>
>>
>
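An added example, not code from the webrev or the JDK: a stateless lookup of the key identifier inside an Authority Key Identifier extension value (RFC 5280 layout), which returns null when the extension carries only the issuer/serial form and recomputes on every call instead of caching. The class name, method names and sample bytes are hypothetical and constructed for illustration.

```java
import java.util.Arrays;

public class AkiKeyId {
    // Reads one DER header at off; returns {tag, contentOffset, contentLength}.
    static int[] header(byte[] d, int off, int end) {
        if (off + 2 > end) throw new IllegalArgumentException("truncated DER");
        int tag = d[off] & 0xff, len = d[off + 1] & 0xff, p = off + 2;
        if (len >= 0x80) {                       // long form length
            int n = len & 0x7f;
            if (n == 0 || n > 3 || p + n > end) throw new IllegalArgumentException("bad length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (d[p++] & 0xff);
        }
        if (len > end - p) throw new IllegalArgumentException("truncated DER");
        return new int[] { tag, p, len };
    }

    // ext is the value returned by X509Certificate.getExtensionValue("2.5.29.35").
    // No field is cached, so concurrent callers share no mutable state.
    static byte[] keyIdentifier(byte[] ext) {
        if (ext == null) return null;            // extension absent
        int[] oct = header(ext, 0, ext.length);  // OCTET STRING wrapper
        if (oct[0] != 0x04) throw new IllegalArgumentException("expected OCTET STRING");
        int[] seq = header(ext, oct[1], oct[1] + oct[2]);
        if (seq[0] != 0x30) throw new IllegalArgumentException("expected SEQUENCE");
        int end = seq[1] + seq[2];
        for (int p = seq[1]; p < end; ) {
            int[] f = header(ext, p, end);
            if (f[0] == 0x80)                    // [0] keyIdentifier
                return Arrays.copyOfRange(ext, f[1], f[1] + f[2]);
            p = f[1] + f[2];                     // skip [1] issuer / [2] serial
        }
        return null;                             // issuer/serial form only
    }

    public static void main(String[] args) {
        // Constructed sample: keyIdentifier = 01 02 03 04
        byte[] hashForm = { 0x04, 0x08, 0x30, 0x06, (byte) 0x80, 0x04, 1, 2, 3, 4 };
        // Constructed sample: only authorityCertSerialNumber [2] = 5
        byte[] serialOnly = { 0x04, 0x05, 0x30, 0x03, (byte) 0x82, 0x01, 0x05 };
        System.out.println(Arrays.toString(keyIdentifier(hashForm)));
        System.out.println(keyIdentifier(serialOnly) == null);
        System.out.println(keyIdentifier(null) == null);
    }
}
```

Callers must treat a null return as "no key identifier to match on" rather than dereferencing it.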