On Tue, 15 Feb 2022 20:00:24 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> New commit pushed. For the openssl style suggestion, I think its major > benefit is to provide a string format of the type (like `"othername: UPN:"`). > In the `default` block, it still extracts either the IA5String or the > UTF8String. I think it's not worth penalizing people putting an IA5String > into a UPN. Right? UPN is a DirectoryString from AD which is UTF-8 encoded. The default case from OPENSSL tries to cover OIDs it does not know. UPN it does know and its semantics is always UTF8String. Everything else is wrong. I5AString is rather email which is another general name. We have now two options: add well known and decode accordingly or do yhe default case. From a user's perspective the encoding is rather irrelevant because he wants Java types. ------------- PR: https://git.openjdk.java.net/jdk/pull/7167
