Re-send mail. Probably lost during in a mail server outage.
On 07/31/2010 09:46 PM, Weijun Wang wrote:
Yes, you're correct.
I regard "not-working" -> "working" a fix, not a regression.
Thanks
Max
On Jul 31, 2010, at 12:46 AM, Sean Mullan wrote:
Hi Max,
I'm not sure about this change. There's a definitely a change in behavior.
Before generateCertificate would only read one PEM block from the stream, and
throw an exception if it wasn't a certificate. But the current fix ignores non
certificate blocks until it finds a certificate or end of stream, right?
--Sean
On 7/30/10 2:39 AM, Weijun Wang wrote:
Hi Sean
6973371: X509Factory should recognize PEM headers
Please review the webrev:
http://cr.openjdk.java.net/~weijun/6973371/webrev.00/
There is one place I haven't touched, generateCertPath. PKCS #7 PEM
block should begin with -----BEGIN PKCS7-----, or as described in [1],
with -----BEGIN CERTIFICATE-----. But what about a PKIPATH data block?
Thanks
Max
=== *Description*
============================================================
Currently, when X509Factory tries to read certificate or CRL from a PEM
file, it simply finds a block starting with "-----BEGIN STH-----" and
ending with "-----END STH-----", and does not care what this STH is at all.
There are third-party tools that generates a PEM file containing
different kinds of PEM blocks. For example, "openssl pkcs12" can read in
a PKCS #12 file and output private key and certficates into a single PEM
file. If we want Java to read certificates from this file, we must take
care to remove any private key block first. This is quite troublesome.
*** (#1 of 1): 2010-07-30 03:40:21 GMT+00:00 [email protected]
[1] http://www.openssl.org/docs/apps/pkcs7.html#NOTES
