RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v6]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Mon May 15 19:19:47 UTC 2023
On Fri, 12 May 2023 20:30:04 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java line 136:
>>
>>> 134: } catch (IllegalArgumentException iae) {
>>> 135: throw new SSLException("X500Principal could not be parsed " +
>>> 136: "successfully", iae);
>>
>> Is it ok to throw a general `SSLException` here? Or do you need to call `TransportContext.fatal()` so that additional cleanup happens? Perhaps @XueleiFan would know.
>
> Yes, let's wait for @XueleiFan
It is not easy to understand the final behavior if throwing SSLException here. I would like to call `TransportContext.fatal()` directly to make the behavior more accuracy, by using Alert.DECODE_ERROR.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13466#discussion_r1194266764
More information about the security-dev
mailing list