[8] Code Review Request for 8010112: NullPointerException in sun.security.provider.certpath.CertId()

Vincent Ryan vincent.x.ryan at oracle.com
Wed Mar 20 14:43:45 UTC 2013


Looks fine Sean.

On 20 Mar 2013, at 14:18, Sean Mullan wrote:

> Please review this fix for a NullPointerException when checking revocation status of certificates:
> 
> webrev:
>   http://cr.openjdk.java.net/~mullan/webrevs/8010112/webrev.00/
> 
> The bug is not available online for some reason, so here are the relevant details:
> 
> There were 2 issues that needed to be fixed:
> 
> 1. CertId did not handle the case where a TrustAnchor was specified as a name/key pair. Added a new constructor to allow for that.
> 
> 2. DistributionPointFetcher.verifyCRL was not comparing Authority Key Ids correctly. It was comparing the bytes of the entire extension value, instead of just the KeyIdentifier field. It turns out that there are some AKID extensions that have matching key ids but also may include additional information in the other fields, causing the previous comparison to fail even though the key identifiers match.
> 
> noreg-hard because the bug requires a complex setup to reproduce.
> 
> Thanks,
> Sean
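
The second issue described above, as an added example that is not part of the original message and not the JDK's own code: two AuthorityKeyIdentifier values (RFC 5280) that fail a whole-value byte comparison yet carry the same KeyIdentifier. The class and method names are hypothetical, the sample bytes are constructed, and the input is assumed to be the DER-encoded AuthorityKeyIdentifier SEQUENCE itself with short-form lengths only.

```java
import java.util.Arrays;

public class AkidCompare {
    // Returns the keyIdentifier ([0] IMPLICIT OCTET STRING) from a DER-encoded
    // AuthorityKeyIdentifier SEQUENCE, or null if the field is absent.
    // Only short-form lengths (< 128) are handled, which covers these samples.
    static byte[] keyIdentifier(byte[] akid) {
        if (akid.length < 2 || akid[0] != 0x30 || akid[1] != akid.length - 2) {
            throw new IllegalArgumentException("not a short-form DER SEQUENCE");
        }
        int pos = 2;
        while (pos + 2 <= akid.length) {
            int tag = akid[pos] & 0xFF;
            int len = akid[pos + 1] & 0xFF;
            if ((len & 0x80) != 0 || pos + 2 + len > akid.length) {
                throw new IllegalArgumentException("bad field length");
            }
            if (tag == 0x80) {            // context tag [0], primitive
                return Arrays.copyOfRange(akid, pos + 2, pos + 2 + len);
            }
            pos += 2 + len;               // skip [1] issuer, [2] serial number
        }
        return null;
    }

    // Compare only the KeyIdentifier field; a missing key id never matches.
    static boolean sameKeyId(byte[] a, byte[] b) {
        byte[] ka = keyIdentifier(a), kb = keyIdentifier(b);
        return ka != null && Arrays.equals(ka, kb);
    }

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed samples: same 4-byte key id; the second also carries
        // authorityCertIssuer (CN=CA) and authorityCertSerialNumber (5).
        byte[] certAkid = hex("30068004deadbeef");
        byte[] crlAkid = hex("301c8004deadbeef"
                + "a111a40f300d310b3009060355040313024341" + "820105");
        System.out.println("whole-value equal: " + Arrays.equals(certAkid, crlAkid));
        System.out.println("keyIdentifier equal: " + sameKeyId(certAkid, crlAkid));
    }
}
```

With these samples the whole-value comparison prints `false` and the KeyIdentifier comparison prints `true`.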



