Quoting Martijn Brinkers <[email protected]>:
On 05/31/2013 10:24 PM, Martijn Brinkers wrote:

On 05/31/2013 10:21 PM, [email protected] wrote:

since release 2.5 some certificates fail with "Error building certPath. No data available in passed DER encoded value." The Issuer certificates are available and shown as valid, Djigzo Version 2.4.x also show the certs as valid. Any idea what could be wrong?

No this is new to me. Can you send me the certificates? Or are you unable to export them?

The certificate contains invalid data (at least invalid according to RFC 5280). The invalid data was silently ignored with OpenJDK 6 but OpenJDK 7 seems to be more strict (the Virtual Appliance by default uses OpenJDK 6).

Details:

The IssuerAltName extension is defined in RFC 5280 as:

IssuerAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

So there should be at least one GeneralName if the IssuerAltName extension is defined. The certificate in question however contains an empty IssuerAltName sequence. This is not allowed. In Java 6, this was silently discarded but Java 7 seems to be more strict.

For a similar report see https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=441801.

Kind regards.

Martijn Brinkers

I see, so the real "fix" would be to get a more obvious error message in Djigzo? If the certificate is invalid Djigzo is right to say so, but a pointer to *what* is invalid would be great. And BTW no need for additional Djigzo workarounds as it is still possible to add such certificates to the CTL.

Many Thanks

Andreas
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
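
An added example, not code from Djigzo or from either poster: a minimal Python DER check that names what is invalid when an IssuerAltName extension holds an empty GeneralNames sequence, the condition described in the thread. The function names and the sample bytes are constructed for illustration, and the input is assumed to be a single DER-encoded Extension.

```python
# Added example: flag an IssuerAltName extension whose GeneralNames is empty.
ISSUER_ALT_NAME_OID = bytes.fromhex("551d12")  # 2.5.29.18

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def check_issuer_alt_name(ext_der):
    """Inspect one DER Extension; return a diagnostic string, or None if OK."""
    tag, body, _ = read_tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("Extension is not a SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or oid != ISSUER_ALT_NAME_OID:
        return None  # some other extension, nothing to check here
    tag, value, pos = read_tlv(body, pos)
    if tag == 0x01:  # optional 'critical' BOOLEAN precedes extnValue
        tag, value, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("extnValue is not an OCTET STRING")
    tag, names, _ = read_tlv(value, 0)
    if tag != 0x30:
        return "IssuerAltName: extnValue does not contain a SEQUENCE"
    if not names:
        return ("IssuerAltName: empty GeneralNames; RFC 5280 requires "
                "SEQUENCE SIZE (1..MAX) OF GeneralName")
    return None

# Constructed sample extensions (not the certificate from the thread).
EMPTY_IAN = bytes.fromhex("3009" "0603551d12" "0402" "3000")
VALID_IAN = bytes.fromhex("3015" "0603551d12" "040e" "300c" "820a") + b"ca.example"

if __name__ == "__main__":
    for name, ext in (("empty", EMPTY_IAN), ("valid", VALID_IAN)):
        print(name, "->", check_issuer_alt_name(ext) or "ok")
```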
