RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v4]

Michael Osipov duke at openjdk.java.net
Tue Feb 15 15:59:10 UTC 2022


On Tue, 15 Feb 2022 15:16:58 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   specifies the type of the 4th element
>
> New commit pushed with a spec change and CSR is now in draft mode. Something worth mentioning:
> 
> 1. I explicitly added "valid UTF8String..." to match the `catch (IOException)` line in the implementation, so if there's anything wrong parsing the value as a string then the byte array will still be there.
> 2. I feel a little uneasy of the new `if` and `otherwise` words inside parentheses, especially the second one which seems out of nowhere. Please suggest better wording if possible.
> 3. The string types I listed is only what we supported inside JDK and not all "restricted character string types". Is it appropriate to list them out in a specification? If not, shall I just say "a valid character string"? This brings more explanation to what "valid" means.

> > @wangweij I would highly recommend to address this ticket first: https://bugs.openjdk.java.net/browse/JDK-6776681. It is partially related.
> 
> I noticed the problem and have fixed it in this code change. `nameValue` is the bytes inside.

Yes, looks good. Are you going to address this separately or document to be implicitly fixed by this PR?

-------------

PR: https://git.openjdk.java.net/jdk/pull/7167



More information about the security-dev mailing list