[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-security-dev
Subject: Re: RFR: 8251468: X509Certificate.get{Subject, Issuer}AlternativeNames does not throw CertificatePar
From: Weijun Wang <weijun () openjdk ! java ! net>
Date: 2021-10-26 15:50:20
Message-ID: smLaqONqgAPPdK8bNEb-0IbPacfmfsCmk-A-ytEZUP0=.ec60e53e-d6f3-4c1d-8b5b-c178889eb8ec () github ! com
[Download RAW message or body]
On Tue, 26 Oct 2021 15:28:51 GMT, Sean Mullan <mullan@openjdk.org> wrote:
> > I was asking if `getIssuerAlternativeNameExtension` can throw the exception if \
> > IAE exists but not parseable.
>
> Ok, I understand your comment now. I'm hesitant to change those methods to throw an \
> exception because to be consistent all the `get*Extension()` methods should then \
> throw an Exception. That might be the right thing to do, but it is a bigger change \
> and more risky. The code that calls these internal methods is used for building \
> certification paths, and if null is returned, it is as if the certificate did not \
> contain the extension. That might be a more reasonable behavior than throwing an \
> Exception, since it allows the code to find other potential certificates or \
> certification paths. Adding certpath debug can always be used to find out more \
> about why certain certificates were not selected.
OK.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6106
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic