> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enforced in the `encode()` method, where the extension val
On Tue, 22 Nov 2022 20:43:37 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java
>> line 76:
>>
>>> 74: */
>>> 75: public SubjectKeyIdentifierExtension(byte[] octetString)
>>> 76: throws IOException {
>>
>> Do you wan
On Tue, 22 Nov 2022 20:24:23 GMT, Weijun Wang wrote:
>> Do you want to add similar checks to the `GeneralSubtree` and
>> `GeneralSubtrees` ctors?
>
> I'll add a check in `GeneralSubtree` to reject a null name. `GeneralSubtrees`
> is complicated. The intersect and reduce methods make it mutable,
On Tue, 22 Nov 2022 21:02:14 GMT, Weijun Wang wrote:
> Oh, when parsing a `SubjectAlternativeNameExtension` or an
> `IssuerAlternativeNameExtension`, an empty `GeneralNames` is returned when
> the content is empty. I would like to study more about it in another bug.
Ok.
-
PR: htt
On Tue, 22 Nov 2022 21:43:42 GMT, Weijun Wang wrote:
>> Inside JDK we support a lot of X.509 certificate extensions. Almost every
>> extension has a rule about what is legal or not. For example, the names in
>> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a
>> rule is
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enforced in the `encode()` method, where the extension val
On Tue, 22 Nov 2022 17:42:06 GMT, Weijun Wang wrote:
>> Inside JDK we support a lot of X.509 certificate extensions. Almost every
>> extension has a rule about what is legal or not. For example, the names in
>> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a
>> rule is
On Tue, 22 Nov 2022 17:42:06 GMT, Weijun Wang wrote:
>> Inside JDK we support a lot of X.509 certificate extensions. Almost every
>> extension has a rule about what is legal or not. For example, the names in
>> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a
>> rule is
On Tue, 22 Nov 2022 20:09:02 GMT, Sean Mullan wrote:
> A general comment is that since we are adding checks for illegal values to
> the `*Extension` classes, we should probably go one step further and do the
> same for all the classes in `sun.security.x509` package. I'm ok if you want
> to han
On Tue, 22 Nov 2022 19:56:42 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> IssuerAlternativeNameExtension names
>
> src/java.base/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java
On Tue, 22 Nov 2022 19:53:44 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> IssuerAlternativeNameExtension names
>
> src/java.base/share/classes/sun/security/x509/SubjectAlternativeNameExtension.ja
On Tue, 22 Nov 2022 19:49:33 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java
>> line 142:
>>
>>> 140: if (permitted == null && excluded == null) {
>>> 141: throw new IllegalArgumentException(
>>> 142:
On Tue, 22 Nov 2022 19:34:24 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> IssuerAlternativeNameExtension names
>
> src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java
On Tue, 22 Nov 2022 17:42:06 GMT, Weijun Wang wrote:
>> Inside JDK we support a lot of X.509 certificate extensions. Almost every
>> extension has a rule about what is legal or not. For example, the names in
>> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a
>> rule is
On Tue, 22 Nov 2022 19:46:56 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> IssuerAlternativeNameExtension names
>
> src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java
> l
On Tue, 22 Nov 2022 17:42:06 GMT, Weijun Wang wrote:
>> Inside JDK we support a lot of X.509 certificate extensions. Almost every
>> extension has a rule about what is legal or not. For example, the names in
>> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a
>> rule is
On Tue, 22 Nov 2022 17:36:30 GMT, Weijun Wang wrote:
>> Inside JDK we support a lot of X.509 certificate extensions. Almost every
>> extension has a rule about what is legal or not. For example, the names in
>> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a
>> rule is
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enforced in the `encode()` method, where the extension val
On Tue, 22 Nov 2022 16:44:56 GMT, Weijun Wang wrote:
>> Inside JDK we support a lot of X.509 certificate extensions. Almost every
>> extension has a rule about what is legal or not. For example, the names in
>> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a
>> rule is
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enforced in the `encode()` method, where the extension val
On Tue, 22 Nov 2022 16:22:44 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> add test
>>
>> only in patch2:
>> unchanged:
>
> src/java.base/share/classes/sun/security/x509/CRLReasonCodeExtens
On Thu, 17 Nov 2022 23:52:02 GMT, Weijun Wang wrote:
>> Inside JDK we support a lot of X.509 certificate extensions. Almost every
>> extension has a rule about what is legal or not. For example, the names in
>> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a
>> rule is
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enforced in the `encode()` method, where the extension val
On Thu, 17 Nov 2022 15:57:40 GMT, Weijun Wang wrote:
>> Inside JDK we support a lot of X.509 certificate extensions. Almost every
>> extension has a rule about what is legal or not. For example, the names in
>> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a
>> rule is
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enforced in the `encode()` method, where the extension val
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enforced in the `encode()` method, where the extension val
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enforced in the `encode()` method, where the extension val
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enforced in the `encode()` method, where the extension val
On Mon, 14 Nov 2022 16:47:22 GMT, Weijun Wang wrote:
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enf
On Mon, 14 Nov 2022 16:47:22 GMT, Weijun Wang wrote:
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enf
On Mon, 14 Nov 2022 16:47:22 GMT, Weijun Wang wrote:
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enf
Inside JDK we support a lot of X.509 certificate extensions. Almost every
extension has a rule about what is legal or not. For example, the names in
`SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
is enforced in the `encode()` method, where the extension value is as
On Mon, 14 Nov 2022 16:47:22 GMT, Weijun Wang wrote:
> Inside JDK we support a lot of X.509 certificate extensions. Almost every
> extension has a rule about what is legal or not. For example, the names in
> `SubjectAlternativeNameExtension` cannot be missing or empty. Usually, a rule
> is enf
33 matches
Mail list logo