RFR: 8311546: Certificate name constraints improperly validated with leading period
Sean Mullan
mullan at openjdk.org
Fri Oct 27 12:40:32 UTC 2023
On Fri, 20 Oct 2023 20:52:13 GMT, Ben Perez <duke at openjdk.org> wrote:
> Updated the `constrains` method in `DNSName.java` to accept certificates with a leading period.
src/java.base/share/classes/sun/security/x509/DNSName.java line 1:
> 1: /*
On line 203, can you modify the comment to:
* RFC 5280: For DNS names, restrictions MUST use the dNSName syntax in
Section 4.2.1.6.
This matches the new text in the errata (https://www.rfc-editor.org/errata/eid5997).
Also, you can remove the comments on lines 208-213 as they are duplicates.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16295#discussion_r1374517701
More information about the security-dev
mailing list