RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v5]

Sean Mullan mullan at openjdk.org
Thu May 11 17:51:36 UTC 2023


On Thu, 11 May 2023 16:40:07 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
> 
>  - Update src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
>    
>    Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>
>  - updated copyright
>  - fixes JDK-8294985: throw an SSLException wrapping the IAE

Not sure if you have more changes coming, but there are still a few other places where IAE could be thrown. I would change `getAuthorities()` (in both CertificateRequest.java and CertificateAuthoritiesExtension.java) to catch `IllegalArgumentException` and rethrow it as an `SSLException`, as this will ensure all existing and future calls to this method are handled consistently.

Also, I would change the `toString()` method to also catch IAE but not propagate it, instead print something like "unparseable X500Principal".

-------------

PR Review: https://git.openjdk.org/jdk/pull/13466#pullrequestreview-1423140554


More information about the security-dev mailing list