RFR: 8255739: x509Certificate returns � for invalid subjectAlternativeNames [v2]

Masanori Yano myano at openjdk.java.net
Fri Jan 14 11:18:23 UTC 2022


> Could you please review the JDK-8255739 bug fix?
> 
> I think sun.security.x509.SubjectAlternativeNameExtension() should throw an exception for incorrect SubjectAlternativeNames instead of returning the substituted characters, which is explained in the description of BugDB.
> 
> I modified DerValue.readStringInternal() not to read incorrect SubjectAlternativeNames and throw an IOException. sun.security.x509.X509CertInfo.parse() catches the IOException and ignores it if SAN is a non-critical extension like the behavior of the IOException in readStringInternal(). So I added a test with -Djava.security.debug=x509 to confirm that.

Masanori Yano has updated the pull request incrementally with one additional commit since the last revision:

  8255739: x509Certificate returns � for invalid subjectAlternativeNames

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/6928/files
  - new: https://git.openjdk.java.net/jdk/pull/6928/files/b11495d9..a777ded0

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=6928&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=6928&range=00-01

  Stats: 103 lines in 3 files changed: 44 ins; 46 del; 13 mod
  Patch: https://git.openjdk.java.net/jdk/pull/6928.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/6928/head:pull/6928

PR: https://git.openjdk.java.net/jdk/pull/6928
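
The difference between substituting and rejecting malformed name bytes, as an added example that is not part of the original message or the JDK patch. It uses the public java.nio.charset API rather than the internal DerValue class, assumes a SAN dNSName decoded as US-ASCII (IA5String), and the class name, method names and sample bytes are constructed for illustration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;

public class StrictIa5Decode {
    // Lenient decoding: bytes outside US-ASCII are silently replaced with U+FFFD.
    static String lenient(byte[] raw) {
        return new String(raw, StandardCharsets.US_ASCII);
    }

    // Strict decoding: malformed input raises an IOException instead of being replaced.
    static String strict(byte[] raw) throws IOException {
        try {
            return StandardCharsets.US_ASCII.newDecoder()
                    .onMalformedInput(CodingErrorAction.REPORT)
                    .onUnmappableCharacter(CodingErrorAction.REPORT)
                    .decode(ByteBuffer.wrap(raw))
                    .toString();
        } catch (CharacterCodingException e) {
            throw new IOException("invalid IA5String contents", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample dNSName values, not taken from any real certificate.
        byte[] valid = "www.example.com".getBytes(StandardCharsets.US_ASCII);
        byte[] invalid = {'w', 'w', 'w', '.', (byte) 0xE9, 'x', '.', 'c', 'o', 'm'};

        for (byte[] raw : new byte[][] {valid, invalid}) {
            String shown = lenient(raw);
            System.out.println("lenient: " + shown
                    + " (contains U+FFFD: " + (shown.indexOf('\uFFFD') >= 0) + ")");
            try {
                System.out.println("strict:  " + strict(raw));
            } catch (IOException e) {
                System.out.println("strict:  rejected, " + e.getMessage());
            }
        }
    }
}
```

The lenient path returns a name containing U+FFFD for the second input, while the strict path surfaces the malformed byte as an IOException that the caller can handle.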


