RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v4]
Michael Osipov
duke at openjdk.java.net
Tue Feb 15 16:03:11 UTC 2022
On Tue, 15 Feb 2022 15:16:58 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> New commit pushed with a spec change and CSR is now in draft mode. Something worth mentioning:
>
> 1. I explicitly added "valid UTF8String..." to match the `catch (IOException)` line in the implementation, so if there's anything wrong parsing the value as a string then the byte array will still be there.
Good.
> 2. I feel a little uneasy about the new `if` and `otherwise` words inside parentheses, especially the second one which seems out of nowhere. Please suggest better wording if possible.
What about?
and a fourth entry as either a string if {@code value} inside
is a valid ASN.1 string (any of UTF8String, PrintableString, T61String, IA5String,
UniversalString, BMPString, or GeneralString) or otherwise a byte array containing
the ASN.1 DER encoding of {@code value} without the context-specific
constructed tag with number 0.
> 3. The string types I listed are only what we support inside the JDK and not all "restricted character string types". Is it appropriate to list them out in a specification? If not, shall I just say "a valid character string"? This brings more explanation to what "valid" means.
Yes, this makes it perfectly clear what is supported out of the box.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7167
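
The rule discussed in this message (a string when `value` is a valid string of one of the listed ASN.1 types, otherwise the DER encoding of `value` without the context-specific constructed tag 0), sketched as an added example; this is not code from the JDK or from the PR. The function names, the tag-to-charset mapping and the sample bytes are assumptions made for illustration.

```python
# Tag -> charset for the string types named above; the charsets are assumptions of this sketch.
STRING_TAGS = {
    0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii",   # UTF8String, PrintableString, IA5String
    0x14: "latin-1", 0x1B: "ascii",                # T61String, GeneralString
    0x1C: "utf-32-be", 0x1E: "utf-16-be",          # UniversalString, BMPString
}

def read_tlv(buf, pos=0):
    """Return (tag, content, end) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Dotted-decimal string for the content bytes of an OBJECT IDENTIFIER."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends this arc
            arcs.append(val)
            val = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def split_other_name(der):
    """Return (type-id, value); value is str, or the raw DER of value as bytes."""
    outer, body, _ = read_tlv(der)
    t_oid, oid, pos = read_tlv(body)
    t_ctx, inner, _ = read_tlv(body, pos)
    # SEQUENCE (or [0] IMPLICIT inside GeneralName), OID, then constructed [0]
    if outer not in (0x30, 0xA0) or t_oid != 0x06 or t_ctx != 0xA0:
        raise ValueError("not an OtherName")
    vtag, vbody, vend = read_tlv(inner)
    type_id = decode_oid(oid)
    try:
        return type_id, vbody.decode(STRING_TAGS[vtag])
    except (KeyError, UnicodeDecodeError):
        return type_id, inner[:vend]        # DER of value, [0] wrapper stripped

# Constructed sample: otherName with the UPN type-id and a UTF8String value.
SAMPLE = bytes.fromhex("a021060a2b060104018237140203a0130c11") + b"user@example.test"
```

A value that carries a string tag but does not decode falls through to the byte-array branch, which mirrors the `catch (IOException)` behaviour mentioned in the quoted text.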