[9] RFR: 8076117: EndEntityChecker should not process custom extensions after PKIX validation

Jason Uh Fri, 10 Apr 2015 12:41:20 -0700

Please review this fix, which prevents redundant extension checking inEndEntityChecker.

When checking extensions in an end entity certificate, ifsun.security.validator.EndEntityChecker comes across any extensions thatare critical and unknown, it throws an exception, even if thoseextensions had already been checked by custom PKIXCertPathCheckers(specified in the PKIXParameters) earlier in the validation byPKIXValidator. This checking is not necessary when path validation isperformed by a PKIXValidator.

However, if the validation is performed by a SimpleValidator,EndEntityChecker should continue to check extensions.


webrev: http://cr.openjdk.java.net/~juh/8076117/00/
bug: https://bugs.openjdk.java.net/browse/JDK-8076117

Thanks,
Jason

[9] RFR: 8076117: EndEntityChecker should not process custom extensions after PKIX validation

Reply via email to