On Fri, 14 Jan 2022 11:18:23 GMT, Masanori Yano <my...@openjdk.org> wrote:
>> Could you please review the JDK-8255739 bug fix? >> >> I think sun.security.x509.SubjectAlternativeNameExtension() should throw an >> exception for incorrect SubjectAlternativeNames instead of returning the >> substituted characters, which is explained in the description of BugDB. >> >> I modified DerValue.readStringInternal() not to read incorrect >> SubjectAlternativeNames and throw an IOException. >> sun.security.x509.X509CertInfo.parse() catch the IOExcepton and ignore it if >> SAN is a non-ciritical extension like the behavior of the IOException in >> readStringInternal(). So I added a test with -Djava.security.debug=x509 to >> confirm that. > > Masanori Yano has updated the pull request incrementally with one additional > commit since the last revision: > > 8255739: x509Certificate returns � for invalid subjectAlternativeNames Hi Mike, we don't support an OAEP key (i.e. RSA keys with OAEP parameters). If you want OAEP encryption, just use a plain RSA key and pass an OAEPParameterSpec to the RSA Cipher's init method. ------------- PR: https://git.openjdk.java.net/jdk/pull/6928
