RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v10]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Thu May 18 14:16:01 UTC 2023
On Thu, 18 May 2023 04:04:17 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> rework based upon code review comments
>
> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java line 289:
>
>> 287: shc.peerSupportedAuthorities = spec.getAuthorities();
>> 288: } catch (IllegalArgumentException iae) {
>> 289: shc.conContext.fatal(Alert.DECODE_ERROR, "X500Principal could not be parsed");
>
> To easy debugging, I may use the exception with fatal(Alert alert, String diagnostic, Throwable cause). Considering this point, I may prefer to throw SSLException in getAuthorities() method.
>
>
> X500Principal[] getAuthorities() throws SSLException {
> ...
> try {
> shc.peerSupportedAuthorities = spec.getAuthorities();
> } catch (SSLException ssle) {
> shc.conContext.fatal(Alert.DECODE_ERROR, "Cannot parse peer supported authorities", ssle);
> }
> @XueleiFan Seems like an unnecessary wrapping of IAE when it is going to be rethrown anyway.
I'm fine if IAE get checked for every call to getAuthorities().
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13466#discussion_r1197881532
More information about the security-dev
mailing list