Hi Sean,
Looks good to me, but I'm not an official Reviewer.
I have a couple of questions, though.
1. This isn't a part of your change, but shouldn't the comment on line
200 of AdaptableX509CertSelector.java read "As for version 3,..." and
not "As for version 2,..."?
2. Just curious, any reason why this wasn't just fixed with
void parseAuthorityKeyIdentifierExtension(
AuthorityKeyIdentifierExtension akidext) throws IOException {
+ super.setSubjectKeyIdentifier(null);
+ super.setSerialNumber(null);
if (akidext != null) { ... }
in AdaptableX509CertSelector.java?
Thanks!
Jason
On 2/13/14 5:04 AM, Sean Mullan wrote:
See: http://cr.openjdk.java.net/~mullan/webrevs/8025708/webrev/
This fixes a problem with the PKIX CertPathBuilder where it wasn't able
to build a path when the Authority Key Identifier extension of an
intermediate CA cert did not contain a serial number field, and the end
entity cert did.
The problem was in the AdaptableX509CertSelector class. It was reusing
this selector without re-initializing certain fields. I changed the
implementation of this class so that it doesn't have this issue anymore.
Thanks,
Sean
