Code Review Request, JDK-8166103 Allow certs with unknown critical extension in SunX509 validator

Vincent Ryan vincent.x.ryan at oracle.com
Fri Nov 11 17:46:38 UTC 2016


Your changes look fine to me.
Just a minor language correction: ‘to use’ -> ‘using’ (2 instances)

> On 11 Nov 2016, at 05:11, Xuelei Fan <Xuelei.Fan at Oracle.Com> wrote:
> 
> Hi,
> 
> Please review this bug fix:
> 
>   http://cr.openjdk.java.net/~xuelei/8166103/webrev.00/
> 
> The current validator implementations only allow whitelisted critical certificate extensions, and not all JDK-supported extensions are known to the validator. This may result in issues where the cert is valid but cannot pass the validation because there is a critical extension that is not whitelisted in the validator implementation.
> 
> This fix will only check the validity of the whitelisted critical certificate extensions, and ignore the other critical certificate extensions if they can be parsed with X509Certificate.
> 
> Thanks,
> Xuelei
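
The two behaviours described in the review request, as an added sketch that is not the webrev code or any JDK source. The allow list contents, the vendor OID, and the class and method names are assumptions for illustration; only the `java.security.cert.X509Extension` methods are real API, and the sample certificates are constructed stand-ins.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Extension;
import java.util.HashSet;
import java.util.Set;

public class CriticalExtensionCheck {
    // Assumed allow list: key usage and basic constraints only.
    static final Set<String> KNOWN = Set.of("2.5.29.15", "2.5.29.19");

    // Old behaviour: any critical OID outside the allow list fails validation.
    static void strictCheck(X509Extension cert) throws CertificateException {
        Set<String> critical = cert.getCriticalExtensionOIDs();
        if (critical == null) return; // certificate carries no extensions
        Set<String> unknown = new HashSet<>(critical);
        unknown.removeAll(KNOWN);
        if (!unknown.isEmpty())
            throw new CertificateException("not allow-listed: " + unknown);
    }

    // Described behaviour: fail only when the certificate implementation
    // itself could not parse one of the critical extensions.
    static void relaxedCheck(X509Extension cert) throws CertificateException {
        if (cert.hasUnsupportedCriticalExtension())
            throw new CertificateException("unparsable critical extension");
        // Allow-listed extensions would still be validated here (omitted).
    }

    // Constructed stand-in for a certificate; X509Certificate implements
    // the same interface.
    static X509Extension sample(Set<String> critical, boolean unsupported) {
        return new X509Extension() {
            public Set<String> getCriticalExtensionOIDs() { return critical; }
            public Set<String> getNonCriticalExtensionOIDs() { return Set.of(); }
            public byte[] getExtensionValue(String oid) { return null; }
            public boolean hasUnsupportedCriticalExtension() { return unsupported; }
        };
    }

    public static void main(String[] args) {
        String vendorOid = "1.3.6.1.4.1.99999.1"; // constructed placeholder OID
        X509Extension[] certs = {
            sample(Set.of("2.5.29.15"), false),            // allow-listed only
            sample(Set.of("2.5.29.15", vendorOid), false), // extra, parsable
            sample(Set.of("2.5.29.15", vendorOid), true)   // extra, unparsable
        };
        for (X509Extension cert : certs) {
            String strict = "accept", relaxed = "accept";
            try { strictCheck(cert); } catch (CertificateException e) { strict = "reject"; }
            try { relaxedCheck(cert); } catch (CertificateException e) { relaxed = "reject"; }
            System.out.println("strict=" + strict + " relaxed=" + relaxed);
        }
    }
}
```

Only the second certificate is treated differently by the two checks: the strict check rejects it, the relaxed check accepts it.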



