Yes, you're correct. I regard "not-working" -> "working" a fix, not a regression.
Thanks Max On Jul 31, 2010, at 12:46 AM, Sean Mullan wrote: > Hi Max, > > I'm not sure about this change. There's a definitely a change in behavior. > Before generateCertificate would only read one PEM block from the stream, and > throw an exception if it wasn't a certificate. But the current fix ignores > non certificate blocks until it finds a certificate or end of stream, right? > > --Sean > > On 7/30/10 2:39 AM, Weijun Wang wrote: >> Hi Sean >> >> 6973371: X509Factory should recognize PEM headers >> >> Please review the webrev: >> http://cr.openjdk.java.net/~weijun/6973371/webrev.00/ >> >> There is one place I haven't touched, generateCertPath. PKCS #7 PEM >> block should begin with -----BEGIN PKCS7-----, or as described in [1], >> with -----BEGIN CERTIFICATE-----. But what about a PKIPATH data block? >> >> Thanks >> Max >> >> >> === *Description* >> ============================================================ >> Currently, when X509Factory tries to read certificate or CRL from a PEM >> file, it simply finds a block starting with "-----BEGIN STH-----" and >> ending with "-----END STH-----", and does not care what this STH is at all. >> >> There are third-party tools that generates a PEM file containing >> different kinds of PEM blocks. For example, "openssl pkcs12" can read in >> a PKCS #12 file and output private key and certficates into a single PEM >> file. If we want Java to read certificates from this file, we must take >> care to remove any private key block first. This is quite troublesome. >> >> *** (#1 of 1): 2010-07-30 03:40:21 GMT+00:00 [email protected] >> >> [1] http://www.openssl.org/docs/apps/pkcs7.html#NOTES
