[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-security-dev
Subject:    Re: RFR: 8251468: X509Certificate.get{Subject, Issuer}AlternativeNames does not throw CertificatePar
From:       Weijun Wang <weijun () openjdk ! java ! net>
Date:       2021-10-26 15:50:20
Message-ID: smLaqONqgAPPdK8bNEb-0IbPacfmfsCmk-A-ytEZUP0=.ec60e53e-d6f3-4c1d-8b5b-c178889eb8ec () github ! com
[Download RAW message or body]

On Tue, 26 Oct 2021 15:28:51 GMT, Sean Mullan <mullan@openjdk.org> wrote:

> > I was asking if `getIssuerAlternativeNameExtension` can throw the exception if \
> > IAE exists but not parseable.
> 
> Ok, I understand your comment now. I'm hesitant to change those methods to throw an \
> exception because to be consistent all the `get*Extension()` methods should then \
> throw an Exception. That might be the right thing to do, but it is a bigger change \
> and more risky. The code that calls these internal methods is used for building \
> certification paths, and if null is returned, it is as if the certificate did not \
> contain the extension. That might be a more reasonable behavior than throwing an \
> Exception, since it allows the code to find other potential certificates or \
> certification paths. Adding certpath debug can always be used to find out more \
> about why certain certificates were not selected.

OK.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6106


[prev in list] [next in list] [prev in thread] [next in thread]