On Tue, 15 Feb 2022 20:09:27 GMT, Michael Osipov <d...@openjdk.java.net> wrote:
> > New commit pushed. For the openssl style suggestion, I think its major > > benefit is to provide a string format of the type (like `"othername: > > UPN:"`). In the `default` block, it still extracts either the IA5String or > > the UTF8String. I think it's not worth penalizing people putting an > > IA5String into a UPN. Right? > > UPN is a DirectoryString from AD which is UTF-8 encoded. The default case > from OPENSSL tries to cover OIDs it does not know. UPN it does know and its > semantics is always UTF8String. Everything else is wrong. I5AString is rather > email which is another general name. We have now two options: add well known > and decode accordingly or do yhe default case. From a user's perspective the > encoding is rather irrelevant because he wants Java types. I'll pick the 2nd option now. ------------- PR: https://git.openjdk.java.net/jdk/pull/7167
