-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 5/29/17 11:40 AM, Christopher Schultz wrote:
> Mark,
>
> On 6/23/16 7:58 AM, Mark Thomas wrote:
>> On a related topic, I wonder how tolerant
>> CertificateFactory.generateCertificate() is since that will have
>> an impact on exactly how smart the SSLValve needs to be.
>
> Tested with Oracle Java 1.8.0_121:
>
> * Normal PEM-encoded cert is parsed just fine by
> CertificateFactory * Replacing all newlines with a single space
> causes an error ("Incomplete data") * Replacing all newlines after
> the first newline (after --- BEGIN ... ---) works as desired *
> Removing all whitespace after the initial newline works as desired
>
> So a certificate that looks like this:
>
> -----BEGIN CERTIFICATE-----
> MIICERTDATACERTDATACERTDATACERTDATACERTDATACERTDATACERTDATACERTDATACER
TD
>
>
ATACERTDATA......-----END
> CERTIFICATE-----
>
> Is good enough for CertificateFactory (in its current form).
>
> We may be able to get away with just a single whitespace ->
> newline character conversion, instead of completely restoring the
> 64-character-wrapped PEM-encoded certificate.
Furthermore, CertificateFactory does not complain if there is an
additional newline between the "-----BEGIN CERTIFICATE-----\n" and the
rest of the certificate.
That means that, theoretically, we could simply write the "BEGIN"
header, then a newline, then everything that follows it regardless of
the composition, and CertificateFactory should be able to handle it.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJZLEYSAAoJEBzwKT+lPKRYwqoQAKyldCc8V7PkkmDvyPrq4Feq
tbO8E5lY9LQS9RhUguoI29j7/9xJSG4Z12/hRk5dkwaMwTBWgZWIrnSkVKhooCUE
InFeg5F1Zt5YLK5LjtFkLg12XH55noQqEHW7cJa1XqpL72OC/qdEHMqOrMs9ZJPW
LMr8E7pMmgou4NB5zxn1w2O4ZPkeRUDaw0OLmYcCH11vo27FKORAZ3UB+IAcQzq7
tPwgC7hSP5sao7x892CFHOvqNBw6bEdjpgvLtg/ndaE3odzxf1OlPfjg52RW3cwQ
06TTL6Db7HPRGme9UzQBps0gPR/57uXDsAmySejAYs3e6y8P3q4Wcp+0q0Trj1j0
5zadfF0pOIxJC/IVycg69XtGjn5Wbec8yaqaylGuiM07riC4Aev/uvbp1AEmekP5
3mOkpIFh1eZFZhDyv019BhKNm4r9QRaqBJ0llh6tHwWhlN2Ube/AlOtXe8yUPE75
jLktl3t7dqtfzzrMxn1nzEP5EWOSISxHa8lkpDXmT6tQ3XXxXiYXVwPOsFls1seh
O7jlqzmmGe6vSRGIRIngh7a6oMczMaCWQ0ZWdk17oUdTYELhdLFHtFykA04wXXF7
B4BlJoG5hKTKf/d/+T+k/I57xuNYcMpSKaCZfhAJf/Gi4ASVZ3U12KpPPr66eOln
ipt2DAxpm1K9l4dVaeqH
=1a+W
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
