On Tue, 15 Feb 2022 15:16:58 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> The enhancement adds two extra items in the `getSubjectAlternativeNames()`
>> output for an OtherName.
>>
>> It also fix several errors:
>> 1. In `OtherName.java`, `nameValue` should be the value inside `CONTEXT [0]`
>> without the tag and length bytes.
>> 2. The argument in constructor `extClass.getConstructor(Object.class)` is
>> suspicious. Maybe it meant `byte[]`.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> string at 4th place
src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 1594:
> 1592: String v = new
> DerValue(nameValue).getAsString();
> 1593: nameEntry.add(v == null ? nameValue : v);
> 1594: } catch (IOException ioe) {
Attention, this catch block will hide invalid ASN.1 encoding of the other name
element from:
* sun.security.util.DerValue.init(boolean, InputStream, boolean)
* sun.security.util.DerValue.getIA5String()
Other blocks throw:
throw new CertificateException("Unable to parse DER value of SAN:otherName",
ioe);
Do you really intend to hide an encoding error int the cert from the user?
-------------
PR: https://git.openjdk.java.net/jdk/pull/7167
