RFR: 8296742: Illegal X509 Extension should not be created [v8]
Weijun Wang
weijun at openjdk.org
Tue Nov 22 20:28:25 UTC 2022
On Tue, 22 Nov 2022 19:49:33 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java line 142:
>>
>>> 140: if (permitted == null && excluded == null) {
>>> 141: throw new IllegalArgumentException(
>>> 142: "permitted and exclude cannot both be null");
>>
>> s/exclude/excluded/
>
> Do you want to add similar checks to the `GeneralSubtree` and `GeneralSubtrees` ctors?
There are still `add` in `GeneralSubtrees` so technically it can be started with an empty collection. Using `null` already throws an NPE now. I'll add a check in `GeneralSubtree` to reject a null name.
-------------
PR: https://git.openjdk.org/jdk/pull/11137
More information about the security-dev
mailing list