[9] RFR 8163503: PKCS12 keystore cannot store non-X.509 certificates
Xuelei Fan
xuelei.fan at oracle.com
Wed Aug 10 01:04:44 UTC 2016
The for loop at line 1507 and 1520 may be merged together.
Xuelei
On 8/10/2016 8:38 AM, Weijun Wang wrote:
> I thought I've seen this webrev before.
>
> Why not just throw a KeyStoreException in validateChain()?
>
> --Max
>
> On 8/10/2016 2:14, Vincent Ryan wrote:
>> Please review this fix to improve the error handling for attempts to
>> store a Certificate object in PKCS12 keystore.
>> The PKCS12 keystore implementation supports storing only
>> X509Certificate objects but the KeyStore API allows Certificate objects.
>> This fix rejects attempts to store non-X.509 certificates and throws a
>> KeyStoreException.
>>
>> Thanks.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8163503
>> Webrev: http://cr.openjdk.java.net/~vinnie/8163503/webrev.00/
>>
>>
More information about the security-dev
mailing list