On Mon, 25 Oct 2021 14:17:56 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> The JDK implementation (as supplied by the "SUN" provider) of
>> `X509Certificate::getSubjectAlternativeNames` and
>> `X509Certificate::getIssuerAlternativeNames` returns `null` instead of
>> throwing a `CertificateParsingException` when the extension is unparseable.
>>
>> This fix changes the behavior to comply with the specification.
>>
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8275822
>
> src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 1618:
>
>> 1616: }
>> 1617: SubjectAlternativeNameExtension subjectAltNameExt =
>> 1618: getSubjectAlternativeNameExtension();
>
> Does it make sense to let the line above throw an exception? I see the
> method is called in several places (`X509CertSelector`, `Builder`, etc.). What
> is the correct behavior in those places?

To clarify, do you mean this code in `getExtension(ObjectIdentifier)` that swallows the exception?:

    } catch (IOException ioe) {
        return null;
    }

-------------

PR: https://git.openjdk.java.net/jdk/pull/6106
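
An added example, not part of the original message or of the JDK sources: a caller-side wrapper that gives the same result whether the provider reports an unparseable subjectAltName extension with `null` (the behavior described above) or with a `CertificateParsingException` (the behavior the fix introduces). The class and method names are hypothetical, and it assumes `getExtensionValue` still returns the raw bytes of an extension the provider could not parse.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

public class StrictAltNames {
    // subjectAltName extension OID from RFC 5280.
    static final String SUBJECT_ALT_NAME_OID = "2.5.29.17";

    /**
     * Returns the subject alternative names, an empty collection when the
     * extension is absent, and throws when it is present but unparseable,
     * whether the provider signals that with an exception or with null.
     */
    static Collection<List<?>> strictSubjectAltNames(X509Certificate cert)
            throws CertificateParsingException {
        // A provider that follows the specification throws here.
        Collection<List<?>> names = cert.getSubjectAlternativeNames();
        if (names != null) {
            return names;
        }
        // null is ambiguous without the fix: "no extension" or "parse
        // failure swallowed". Assumption: the raw extension bytes are still
        // exposed in the second case, so their presence disambiguates.
        if (cert.getExtensionValue(SUBJECT_ALT_NAME_OID) != null) {
            throw new CertificateParsingException(
                "subjectAltName extension present but not parseable");
        }
        return Collections.emptyList();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a PEM or DER certificate supplied by the reader.
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(strictSubjectAltNames(cert));
        }
    }
}
```

Code that falls back to another identity source when the name list is empty should do so only on the empty-collection path, never on the exception path.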