Integrated: 8270946: X509CertImpl.getFingerprint should not return the empty String
Sean Mullan
mullan at openjdk.java.net
Tue Jul 27 13:52:37 UTC 2021
On Fri, 23 Jul 2021 17:16:26 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> Please review this fix to change the internal `X509CertImpl.getFingerprint` method to not return "" as a fingerprint if there is an error generating that fingerprint. Instead, `null` is now returned, and "" is no longer cached as a valid fingerprint. Although errors generating fingerprints should be very rare, this is a cleaner way to handle them.
>
> Also, debugging messages have been added when there is an exception. And, as a memory/performance improvement, `X509CertImpl.getFingerprint` now calls `X509CertImpl.getEncodedInternal` which avoids cloning the encoded bytes if the `Certificate` is an instance of `X509CertImpl`.
This pull request has now been integrated.
Changeset: fc80a6b4
Author: Sean Mullan <mullan at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/fc80a6b49364594fafa0e2efc769d2f6234cfa22
Stats: 228 lines in 6 files changed: 192 ins; 12 del; 24 mod
8270946: X509CertImpl.getFingerprint should not return the empty String
Reviewed-by: weijun
-------------
PR: https://git.openjdk.java.net/jdk/pull/4891
More information about the security-dev
mailing list