RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v5]
Michael Osipov
duke at openjdk.java.net
Fri Feb 18 15:21:02 UTC 2022
On Fri, 18 Feb 2022 15:06:07 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> So you leave it to the user to read the ASN.1 value and fail if the encoding is incorrect instead of throwing a `Ceritificate..Exception` although other GeneralNames do?
>
> I want to minimize behavior change and I'm leaving them to notice there's no string there and fail.
While I understand that, `new DerValue(byte[])` will be ignored and this will be inconsistent with the remaining general names. Looking at sun.security.x509.GeneralName.GeneralName(DerValue, boolean) they all throw `IOException`.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7167
More information about the security-dev
mailing list