RFR: 8296742: Illegal X509 Extension should not be created [v8]
Weijun Wang
weijun at openjdk.org
Tue Nov 22 20:15:42 UTC 2022
On Tue, 22 Nov 2022 19:34:24 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> IssuerAlternativeNameExtension names
>
> src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java line 113:
>
>> 111: public CertificatePoliciesExtension(Boolean critical,
>> 112: List<PolicyInformation> certPolicies) throws IOException {
>> 113: if (certPolicies == null || certPolicies.isEmpty()) {
>
> You should probably also change `PolicyInformation(CertificatePolicyId policyIdentifier, Set<PolicyQualifierInfo> policyQualifiers)` to check for a null policyIdentifier and an empty policyQualifiers set.
I'll check about null `policyIdentifier`. According to https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.4, `policyQualifiers` is OPTIONAL so it can be empty.
-------------
PR: https://git.openjdk.org/jdk/pull/11137
More information about the security-dev
mailing list