Hello Sean,
I tried now 1.8.0_152ea b04 (May 2017) and using the keytool works now
again to open the JKS with this broken certificate. It is also possible to
use CertificateFactory.getInstance("X.509").getenrateCertificate(in) with
the questionalble certs.
This is great! From the look of JDK-8175
The keystore I have here (which has leading 0 in Modulus in 1 cert and 0 in
serial number in another) does not open in test program or keytool.exe with
8u131 (sorry last mail 7u131 was a typo)
This happens before the password query:
C:\Users> "c:\Program Files\Java\jdk1.8.0_131\bin\keytool.exe"
Hi Bernd,
This issue should be fixed in 8u131. Can you try that and let us know?
--Sean
On 6/9/17 10:18 PM, Bernd wrote:
I noticed there is a bug (8177657,etc) about stricter DER checking on
JDK Certificate code. I have an JKS Keystore which no longer can be
opened because of that.
I unders
I noticed there is a bug (8177657,etc) about stricter DER checking on JDK
Certificate code. I have an JKS Keystore which no longer can be opened
because of that.
I understand that the strict parsing has to stay for public keys, however I
wonder if anything can be done about loading the other keys
