RFR: 8251468: X509Certificate.get{Subject, Issuer}AlternativeNames does not throw CertificateParsingException if extension is unparseable
Weijun Wang
weijun at openjdk.java.net
Mon Oct 25 18:33:04 UTC 2021
On Mon, 25 Oct 2021 15:13:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 1618:
>>
>>> 1616: }
>>> 1617: SubjectAlternativeNameExtension subjectAltNameExt =
>>> 1618: getSubjectAlternativeNameExtension();
>>
>> Does it make sense to let the line above throw an exception? I see the method is called in several places (`X509CertSelector`, `Builder`, etc). What is the correct behavior in those places?
>
> To clarify, do you mean this code in `getExtension(ObjectIdentifier)` that swallows the exception?:
>
>
> } catch (IOException ioe) {
> return null;
> }
That's probably a little deeper and changing it will have a mass effect. What about at the `getIssuerAlternativeNameExtension` level?
-------------
PR: https://git.openjdk.java.net/jdk/pull/6106
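
Added example, not part of the original message and not JDK code: a self-contained sketch of the trade-off discussed above, where a deep accessor that turns an `IOException` into `null` makes an unparseable extension look the same as an absent one, while an accessor at the alternative-name level can raise `CertificateParsingException` instead. The class, the method names (`parseDnsNames`, `lookupSwallowing`, `lookupStrict`), the toy parser and the sample bytes are all assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateParsingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical stand-in for the lookup discussed above; not X509CertImpl code.
public class AltNameLookupDemo {
    // Toy parser: SEQUENCE of [2] dNSName entries, short-form lengths only.
    static List<String> parseDnsNames(byte[] der) throws IOException {
        if (der.length < 2 || der[0] != 0x30 || (der[1] & 0xff) != der.length - 2)
            throw new IOException("bad SEQUENCE header");
        List<String> names = new ArrayList<>();
        for (int i = 2; i < der.length; ) {
            if (i + 2 > der.length) throw new IOException("truncated entry");
            int tag = der[i] & 0xff, len = der[i + 1] & 0xff;
            if (len > 0x7f || i + 2 + len > der.length) throw new IOException("bad length");
            if (tag == 0x82) names.add(new String(der, i + 2, len, StandardCharsets.US_ASCII));
            i += 2 + len;
        }
        return names;
    }

    // Deep accessor in the style of the quoted catch block: a parse failure becomes null.
    static List<String> lookupSwallowing(byte[] raw) {
        try {
            return raw == null ? null : parseDnsNames(raw);
        } catch (IOException ioe) {
            return null; // caller cannot tell "absent" from "unparseable"
        }
    }

    // Alternative-name-level accessor: null only when absent, throws when unparseable.
    static List<String> lookupStrict(byte[] raw) throws CertificateParsingException {
        if (raw == null) return null;
        try {
            return parseDnsNames(raw);
        } catch (IOException ioe) {
            throw new CertificateParsingException(ioe);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] good = {0x30, 0x05, (byte) 0x82, 0x03, 'a', '.', 'b'}; // constructed sample
        byte[] bad = Arrays.copyOf(good, 5);                          // constructed, truncated
        System.out.println("swallowing: absent=" + lookupSwallowing(null)
                + " malformed=" + lookupSwallowing(bad) + " valid=" + lookupSwallowing(good));
        System.out.println("strict: absent=" + lookupStrict(null) + " valid=" + lookupStrict(good));
        try {
            lookupStrict(bad);
        } catch (CertificateParsingException e) {
            System.out.println("strict: malformed rejected, cause: " + e.getCause().getMessage());
        }
    }
}
```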