Hi Sean
I don't think this is a spec change. There is no such low-level spec on
what kinds of PKCS #9 attribute or CertificateChoices we should support.
The data structures themselves were defined long time ago (RFC 2630 on
1999, RFC 2985 on 2000) before JDK 7.
Yes, there will be behavior change but since both code changes are about
accepting formerly-unknown data types, we will only see less exception
than before. The main reason I want to fix these 2 bugs is because our
own jarsigner tool fails on modern TSA servers.
All related api/java_security JCK tests pass, according to the
jck_runtime results reported by SQE's nightly runs on jdk8/tl builds.
Thanks
Weijun
On 4/15/13 3:52 PM, Seán Coffey wrote:
Weijun,
would you regard this fix as a spec change for an update release ? Do
docs specify what PKI related data types the JDK supports anywhere ? I'm
just wondering if this could introduce an unexpected behavioural change
for some applications. Have all related TCK tests been run ?
regards,
Sean.
On 15/04/2013 03:11, Weijun Wang wrote:
Hi All
This is a request to backport 2 jdk8 fixes into jdk7u.
8011867: Accept unknown PKCS #9 attributes
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8011867
8011745: Unknown CertificateChoices
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8011745
Both bugs are about parsing PKI-related data. Previously unsupported
data types are now either supported or ignored without throw an
exception.
The fix is already included in jdk8 as:
http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0ab22e58d151
http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1c3fff140324
Both reviewed by vinnie. The patch for jdk7uXXX is identical to the
one in jdk8.
Thanks
Weijun
