[8] Code Review Request for 8010112: NullPointerException in sun.security.provider.certpath.CertId()

Sean Mullan sean.mullan at oracle.com
Wed Mar 20 14:18:12 UTC 2013


Please review this fix for a NullPointerException when checking 
revocation status of certificates:

webrev:
    http://cr.openjdk.java.net/~mullan/webrevs/8010112/webrev.00/

The bug is not available online for some reason, so here are the 
relevant details:

There were 2 issues that needed to be fixed:

1. CertId did not handle the case where a TrustAnchor was specified as a 
name/key pair. Added a new constructor to allow for that.

2. DistributionPointFetcher.verifyCRL was not comparing Authority Key 
Ids correctly. It was comparing the bytes of the entire extension value, 
instead of just the KeyIdentifier field. It turns out that there are 
some AKID extensions that have matching key ids but also may include 
additional information in the other fields, causing the previous 
comparison to fail even though the key identifiers match.

noreg-hard because the bug requires a complex setup to reproduce.

Thanks,
Sean
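
The difference described in item 2, as an added example that is not part of the original message and is not the JDK's code: two AuthorityKeyIdentifier values carry the same keyIdentifier, but one also has authorityCertIssuer and authorityCertSerialNumber, so a whole-value byte comparison fails while a keyIdentifier-only comparison matches. The class and method names are hypothetical, and the DER bytes are constructed sample values (the issuer is a short dNSName for brevity).

```java
import java.util.Arrays;

public class AkidCompare {
    // Read a DER length starting at buf[pos]; returns {length, contentOffset}.
    static int[] readLen(byte[] buf, int pos) {
        int b = buf[pos++] & 0xff;
        if (b < 0x80) return new int[] {b, pos};
        int n = b & 0x7f, len = 0;
        if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
        for (int i = 0; i < n; i++) len = (len << 8) | (buf[pos++] & 0xff);
        return new int[] {len, pos};
    }

    // Extract keyIdentifier ([0] IMPLICIT OCTET STRING, tag 0x80) from a DER
    // AuthorityKeyIdentifier SEQUENCE; returns null when the field is absent.
    static byte[] keyIdentifier(byte[] akid) {
        if (akid.length < 2 || akid[0] != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        int[] seq = readLen(akid, 1);
        int pos = seq[1], end = seq[1] + seq[0];
        if (end > akid.length) throw new IllegalArgumentException("truncated");
        while (pos < end) {
            int tag = akid[pos] & 0xff;
            int[] f = readLen(akid, pos + 1);
            if (f[1] + f[0] > end) throw new IllegalArgumentException("field overruns SEQUENCE");
            if (tag == 0x80) return Arrays.copyOfRange(akid, f[1], f[1] + f[0]);
            pos = f[1] + f[0]; // skip authorityCertIssuer / authorityCertSerialNumber
        }
        return null;
    }

    // Key ids match only when both are present and byte-for-byte equal.
    static boolean sameKeyId(byte[] akidA, byte[] akidB) {
        byte[] a = keyIdentifier(akidA), b = keyIdentifier(akidB);
        return a != null && b != null && Arrays.equals(a, b);
    }

    public static void main(String[] args) {
        // Constructed: AKID with keyIdentifier 01 02 03 04 only.
        byte[] keyIdOnly = {0x30, 0x06, (byte) 0x80, 0x04, 1, 2, 3, 4};
        // Constructed: same keyIdentifier plus authorityCertIssuer [1] and
        // authorityCertSerialNumber [2].
        byte[] withIssuer = {0x30, 0x0F, (byte) 0x80, 0x04, 1, 2, 3, 4,
            (byte) 0xA1, 0x04, (byte) 0x82, 0x02, 0x63, 0x61, (byte) 0x82, 0x01, 0x05};
        System.out.println("whole-value equal:   " + Arrays.equals(keyIdOnly, withIssuer));
        System.out.println("keyIdentifier equal: " + sameKeyId(keyIdOnly, withIssuer));
    }
}
```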