On Tue, 15 Feb 2022 15:55:50 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Correct, but they don't swallow at least.
>
> But in this case, we still have a place to provide the raw bytes. Maybe 
> that's better? Or you'd rather be guaranteed that one particular otherName 
> should always have a string there and there's no need to do an `instanceof` 
> check? What if the tag is already wrong and I don't know it should be a 
> string?

I have thought about this actually. Now the parse is free of any semantics, 
which is naive. Actually, you need a list of well-known OIDs to know the target
tag type to perform the conversion. E.g., you know that MS UPN must be 
UTF8String, if not this is an error. If you don't know the OID, don't touch it.
OpenSSL knows the semantics and decodes it, otherwise don't touch it and leave 
it: 
https://github.com/openssl/openssl/blob/317acac5cc0a2cb31bc4b91353c2b752a3989d8a/crypto/x509/v3_san.c#L113-L120

-------------

PR: https://git.openjdk.java.net/jdk/pull/7167
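
An added illustration of the approach described in the message above (not code from the PR, the JDK or OpenSSL): a table of well-known otherName OIDs decides which string tag the value must carry, an unknown OID is returned as untouched bytes, and a known OID with the wrong tag is an error. The class and method names, the second table entry (id-on-dnsSRV, IA5String per RFC 4985) and the sample bytes are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;

public class OtherNameValueDemo {
    static final int TAG_UTF8 = 0x0C, TAG_IA5 = 0x16;

    // Illustrative table: otherName type-id -> universal tag its value must carry.
    static final Map<String, Integer> KNOWN = Map.of(
        "1.3.6.1.4.1.311.20.2.3", TAG_UTF8,   // MS UPN
        "1.3.6.1.5.5.7.8.7", TAG_IA5);        // id-on-dnsSRV (RFC 4985)

    /** Returns a String for a known OID, the untouched DER bytes for an unknown one. */
    static Object decode(String oid, byte[] der) throws IOException {
        Integer expected = KNOWN.get(oid);
        if (expected == null) {
            return der.clone();               // unknown semantics: don't touch it
        }
        if (der.length < 2 || (der[0] & 0xFF) != expected) {
            throw new IOException("otherName " + oid + ": unexpected tag");
        }
        int len = der[1] & 0xFF, off = 2;
        if (len >= 0x80) {                    // long-form length, at most 2 length bytes here
            int n = len & 0x7F;
            if (n == 0 || n > 2 || der.length < 2 + n) throw new IOException("bad length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[off++] & 0xFF);
        }
        if (off + len != der.length) throw new IOException("length mismatch");
        byte[] content = Arrays.copyOfRange(der, off, off + len);
        if (expected == TAG_IA5) {
            for (byte b : content) if (b < 0) throw new IOException("non-ASCII in IA5String");
            return new String(content, StandardCharsets.US_ASCII);
        }
        return new String(content, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values, not taken from a real certificate.
        byte[] upn = {0x0C, 0x07, 'u', '@', 'a', '.', 'c', 'o', 'm'};
        System.out.println(decode("1.3.6.1.4.1.311.20.2.3", upn));      // known OID, right tag
        System.out.println(decode("1.2.3.4", upn) instanceof byte[]);   // unknown OID: raw bytes
        upn[0] = 0x16;                                                  // IA5String where UTF8String is required
        try { decode("1.3.6.1.4.1.311.20.2.3", upn); }
        catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```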
