RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v2]
Weijun Wang
weijun at openjdk.java.net
Tue Feb 15 14:43:07 UTC 2022
On Tue, 15 Feb 2022 14:36:35 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Your words are more precise. A reader should check the size first. A new commit pushed and the CSR is also updated.
>
>> @wangweij I would highly recommend to address this ticket first: https://bugs.openjdk.java.net/browse/JDK-6776681. It is partially related.
>
> I noticed the problem and have fixed it in this code change. `nameValue` is the bytes inside.
> @wangweij Any chance to evaluate this comment from me: https://bugs.openjdk.java.net/browse/JDK-8277976?focusedCommentId=14462729&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14462729?
> Automatic mapping of the value if it is a ASN.1 simple type to a Java type like done for the remaining general names? At least strings would be straight forward and cover many cases, e.g., MS UPN (1.3.6.1.4.1.311.20.2.3).
I'll think about it. Strings (except for OCTET STRING and BIT STRING) are OK.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7167
More information about the security-dev
mailing list