[7u40] Request for Phase 2 approval for 8014805: NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension

Seán Coffey sean.coffey at oracle.com
Mon Jun 24 13:50:53 PDT 2013


Vinnie,

Likewise - what testing was performed?

regards,
Sean.

On 24/06/13 12:41, Vincent Ryan wrote:
> Hello all,
>
> Please approve the following fix for 7u40:
>
> Bug: http://bugs.sun.com/view_bug.do?bug_id=8014805
> Webrev: http://cr.openjdk.java.net/~vinnie/8014805/webrev.00/
> Code review: http://mail.openjdk.java.net/pipermail/security-dev/2013-June/007886.html
>
> This simple fix corrects the way an Authority Key Identifier (AKID) X.509 certificate extension is
> handled during OCSP certificate validation. Two forms of AKID are permitted: hash-based and
> name/serial number based. The fix for 7168191 (7u6) added a check to match AKIDs when
> distinguishing certificates with the same subject name. This fix corrects that check to handle the
> rare case when a certificate contains a non-hash-based AKID.
>
> This problem does not occur in JDK 8 (because a different code path is used).
>
> Thanks.
>
>
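
The two AKID forms described in the quoted message, as an added example that is not part of this thread and is not the JDK fix: a small DER parser for the AuthorityKeyIdentifier value that treats `keyIdentifier` as optional and falls back to issuer name and serial number. The class name `AkidMatch`, its methods, the byte-for-byte GeneralNames comparison and the sample encodings are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.util.Arrays;
// Added example, not JDK code: parses an RFC 5280 AuthorityKeyIdentifier value.
public class AkidMatch {
    byte[] keyId, issuerNames; // [0] keyIdentifier, [1] authorityCertIssuer; null if absent
    BigInteger serial;         // [2] authorityCertSerialNumber; null if absent
    static int next(byte[] d, int[] pos) {
        return d[pos[0]++] & 0xff; // out-of-range reads throw instead of returning junk
    }
    static int readLen(byte[] d, int[] pos) {
        int b = next(d, pos), n = b & 0x7f, len = 0;
        if (b < 0x80) return b; // short form
        if (n == 0 || n > 2) throw new IllegalArgumentException("unsupported length");
        while (n-- > 0) len = (len << 8) | next(d, pos);
        return len;
    }
    static AkidMatch parse(byte[] der) {
        int[] pos = {0};
        if (next(der, pos) != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        int len = readLen(der, pos);
        if (len != der.length - pos[0]) throw new IllegalArgumentException("bad length");
        AkidMatch a = new AkidMatch();
        while (pos[0] < der.length) {
            int tag = next(der, pos);
            len = readLen(der, pos);
            if (len > der.length - pos[0]) throw new IllegalArgumentException("truncated");
            byte[] v = Arrays.copyOfRange(der, pos[0], pos[0] + len);
            pos[0] += len;
            if (tag == 0x80) a.keyId = v;
            else if (tag == 0xA1) a.issuerNames = v;
            else if (tag == 0x82) a.serial = new BigInteger(v);
            else throw new IllegalArgumentException("unexpected tag " + tag);
        }
        return a;
    }
    // keyId is used only when present; otherwise compare issuer name and serial.
    boolean matches(byte[] candSkid, byte[] candIssuerNames, BigInteger candSerial) {
        if (keyId != null) return Arrays.equals(keyId, candSkid);
        if (issuerNames != null && serial != null)
            return Arrays.equals(issuerNames, candIssuerNames) && serial.equals(candSerial);
        return true; // nothing to compare, so the candidate cannot be ruled out
    }
    public static void main(String[] args) { // constructed sample encodings
        byte[] hashForm = {0x30, 6, (byte) 0x80, 4, 1, 2, 3, 4}, skid = {1, 2, 3, 4};
        byte[] names = {(byte) 0x82, 2, 'c', 'a'};
        byte[] nameForm = {0x30, 9, (byte) 0xA1, 4, (byte) 0x82, 2, 'c', 'a', (byte) 0x82, 1, 42};
        System.out.println(parse(hashForm).matches(skid, null, null));
        System.out.println(parse(nameForm).matches(null, names, BigInteger.valueOf(42)));
    }
}
```

The second call exercises the name/serial branch with `keyId` left null, the case in which an unconditional key-identifier comparison would fail.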



