RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v11]

Kevin Driver kdriver at openjdk.org
Thu May 18 17:02:01 UTC 2023

On Thu, 18 May 2023 16:48:34 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>   review comments addressed
> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java line 290:
>> 288:                 shc.peerSupportedAuthorities = spec.getAuthorities();
>> 289:             } catch (IllegalArgumentException iae) {
>> 290:                 shc.conContext.fatal(Alert.DECODE_ERROR, "X500Principal could not be parsed", iae);
> In the context, it may be easier to catch the idea if the message is about the authorities, and easier to update getAuthorities() implementation, for example X500Principal is not used any longer, if needed in the future.
> - "X500Principal could not be parsed"
> + "Peer authorities could not be parsed"

I'm inclined to keep the current version. It seems more specific in guiding the caller to the fix needed. However, I understand your point. 

@seanjmullan comments?


PR Review Comment: https://git.openjdk.org/jdk/pull/13466#discussion_r1198061874
