RFR: 8251468: X509Certificate.get{Subject, Issuer}AlternativeNames does not throw CertificateParsingException if extension is unparseable
Weijun Wang
weijun at openjdk.java.net
Tue Oct 26 15:50:20 UTC 2021
On Tue, 26 Oct 2021 15:28:51 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> I was asking if `getIssuerAlternativeNameExtension` can throw the exception if IAE exists but is not parseable.
>
> Ok, I understand your comment now. I'm hesitant to change those methods to throw an exception because to be consistent all the `get*Extension()` methods should then throw an Exception. That might be the right thing to do, but it is a bigger change and more risky. The code that calls these internal methods is used for building certification paths, and if null is returned, it is as if the certificate did not contain the extension. That might be a more reasonable behavior than throwing an Exception, since it allows the code to find other potential certificates or certification paths. Adding certpath debug can always be used to find out more about why certain certificates were not selected.
OK.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6106