On Mon, 25 Oct 2021 14:20:08 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> How about other `X509Certificate` methods that get info of an extension? Good question. There are 3: `getBasicConstraints`, `getKeyUsage` and `getExtendedKeyUsage`. The first two methods are not specified to throw an Exception, so that seems like a more significant change and I'm not sure it is worth it. Also, if they are marked critical, then an exception will be thrown when the X509Certificate is parsed. As for `getExtendedKeyUsage`, it is specified to throw a `CertificateParsingException` but it looks like it also has the same problem as the altnames, so I will change the impl to comply with the spec. ------------- PR: https://git.openjdk.java.net/jdk/pull/6106
