RFR 8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did

Florian Weimer fweimer at redhat.com
Mon Mar 23 08:33:18 UTC 2015


On 03/17/2015 11:02 AM, Wang Weijun wrote:
> Hi All
> 
> Please review the code change at
> 
>    http://cr.openjdk.java.net/~weijun/8074935/webrev.00/
> 
> In jdk8, we use Base64.getMimeDecoder() to parse PEM-encoded certs and it ignores every character not in the base-64 alphabet. PEM is more restricted and, as far as I know, openssl rejects PEM with illegal chars (e.g., "!" as in the bug report and test). This fix will also reject them.

Shouldn't you add a Base64.getPemDecoder() with these semantics?  I
think this decoder would be useful in other contexts as well.

-- 
Florian Weimer / Red Hat Product Security
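
The decoder behaviour discussed in this thread, as an added example (not code from the webrev, the JDK, or either poster): it contrasts `Base64.getMimeDecoder()` with a strict decode on a body containing a stray "!". The class and method names are hypothetical, the input bytes are constructed, and the strict variant is only one assumed way to get rejecting semantics.

```java
import java.util.Arrays;
import java.util.Base64;

public class PemBase64Demo {
    // Lenient: the MIME decoder silently skips every character that is
    // outside the base-64 alphabet, not just line separators.
    static byte[] decodeLenient(String body) {
        return Base64.getMimeDecoder().decode(body);
    }

    // Strict (assumed approach): remove only blanks and line breaks, then
    // use the basic decoder, which throws IllegalArgumentException on any
    // remaining character outside the alphabet.
    static byte[] decodeStrict(String body) {
        String compact = body.replaceAll("[ \\t\\r\\n]", "");
        return Base64.getDecoder().decode(compact);
    }

    public static void main(String[] args) {
        // Constructed stand-in for DER bytes; 60 bytes encode to two lines.
        byte[] der = new byte[60];
        for (int i = 0; i < der.length; i++) {
            der[i] = (byte) i;
        }
        String clean = Base64.getMimeEncoder(64, new byte[] {'\n'})
                             .encodeToString(der);
        // Same body with an illegal "!" inserted mid-line.
        String tampered = clean.substring(0, 10) + "!" + clean.substring(10);

        // The lenient decoder returns the original bytes: the "!" is invisible.
        System.out.println("lenient accepts tampered body: "
                + Arrays.equals(der, decodeLenient(tampered)));

        // The strict decoder still accepts the well-formed, line-wrapped body.
        System.out.println("strict accepts clean body: "
                + Arrays.equals(der, decodeStrict(clean)));

        // The strict decoder rejects the tampered body.
        try {
            decodeStrict(tampered);
            System.out.println("strict accepted tampered body");
        } catch (IllegalArgumentException e) {
            System.out.println("strict rejects tampered body: " + e.getMessage());
        }
    }
}
```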


