RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v5]
Sean Mullan
mullan at openjdk.org
Thu May 11 17:51:36 UTC 2023
On Thu, 11 May 2023 16:40:07 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
>
> - Update src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
>
> Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>
> - updated copyright
> - fixes JDK-8294985: throw an SSLException wrapping the IAE
Not sure if you have more changes coming, but there are still a few other places where IAE could be thrown. I would change `getAuthorities()` (in both CertificateRequest.java and CertificateAuthoritiesExtension.java) to catch `IllegalArgumentException` and rethrow it as an `SSLException`, as this will ensure all existing and future calls to this method are handled consistently.
Also, I would change the `toString()` method to also catch IAE but not propagate it, instead print something like "unparseable X500Principal".
-------------
PR Review: https://git.openjdk.org/jdk/pull/13466#pullrequestreview-1423140554
More information about the security-dev
mailing list