Could you please review the JDK-8255739 bug fix? I think sun.security.x509.SubjectAlternativeNameExtension() should throw an exception for incorrect SubjectAlternativeNames instead of returning the substituted characters, which is explained in the description of BugDB.
I modified DerValue.readStringInternal() not to read incorrect SubjectAlternativeNames and throw an IOException. sun.security.x509.X509CertInfo.parse() catch the IOExcepton and ignore it if SAN is a non-ciritical extension like the behavior of the IOException in readStringInternal(). So I added a test with -Djava.security.debug=x509 to confirm that. ------------- Commit messages: - 8255739: x509Certificate returns � for invalid subjectAlternativeNames Changes: https://git.openjdk.java.net/jdk/pull/6928/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=6928&range=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8255739 Stats: 159 lines in 2 files changed: 158 ins; 0 del; 1 mod Patch: https://git.openjdk.java.net/jdk/pull/6928.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/6928/head:pull/6928 PR: https://git.openjdk.java.net/jdk/pull/6928
