custom critical X509v3 extensions

Sean Mullan sean.mullan at oracle.com
Tue Mar 24 13:12:19 UTC 2015


On 03/24/2015 08:53 AM, Jan Willem Janssen wrote:
> Hi,
>
> When an X509TrustManager validates an endpoint certificate containing a
> critical custom extension the sun.security.validator.EndEntityChecker
> will always fail. While this is correct behaviour, and according to
> the spec, there appears no way of adding support for custom critical
> extensions on endpoint certificates?!

The CertPath API allows you to create your own PKIXCertPathChecker to 
process custom extensions. This could then be added to the 
CertPathTrustManagerParameters (via the addCertPathChecker method of 
PKIXParameters), but it looks like there is no hook in the 
EndEntityChecker to call the PKIXCertPathCheckers. I'll file a bug.

--Sean

>
> --
> Met vriendelijke groeten | Kind regards
>
> Jan Willem Janssen | Software Architect
> +31 631 765 814
>
> My world is revolving around INAETICS and Amdatu
>
> Luminis Technologies B.V.
> Churchillplein 1
> 7314 BZ   Apeldoorn
> +31 88 586 46 00
>
> http://www.luminis-technologies.com
> http://www.luminis.eu
>
> KvK (CoC) 09 16 28 93
> BTW (VAT) NL8169.78.566.B.01
>


