RFR 8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did

Sean Mullan sean.mullan at oracle.com
Sun Mar 22 14:41:33 UTC 2015

Looks ok, though the copyright date on BadPem.java is incorrect.


On 03/17/2015 06:02 AM, Wang Weijun wrote:
> Hi All
> Please review the code change at
>     http://cr.openjdk.java.net/~weijun/8074935/webrev.00/
> In jdk8, we use Base64.getMimeDecoder() to parse PEM-encoded certs and it ignores every character not in the base-64 alphabet. PEM is more restricted and as I know openssl rejects PEM with illegal chars (Ex, "!" as in bug report and test). This fix will also reject them.
> I also updated the encode side so that the output is always 64 chars wide, which is a requirement of PEM (http://en.wikipedia.org/wiki/Base64#Privacy-enhanced_mail).
> Thanks
> Max

More information about the security-dev mailing list