On 03/24/2015 08:53 AM, Jan Willem Janssen wrote:
Hi,

When an X509TrustManager validates an endpoint certificate containing a
critical custom extension, the sun.security.validator.EndEntityChecker
will always fail. While this is correct behaviour, and according to
the spec, there appears to be no way of adding support for custom critical
extensions on endpoint certificates?!

The CertPath API allows you to create your own PKIXCertPathChecker to process custom extensions. This could then be added to the CertPathTrustManagerParameters (via the addCertPathChecker method of PKIXParameters), but it looks like there is no hook in the EndEntityChecker to call the PKIXCertPathCheckers. I'll file a bug.

--Sean


--
Met vriendelijke groeten | Kind regards

Jan Willem Janssen | Software Architect
+31 631 765 814

My world is revolving around INAETICS and Amdatu

Luminis Technologies B.V.
Churchillplein 1
7314 BZ   Apeldoorn
+31 88 586 46 00

http://www.luminis-technologies.com
http://www.luminis.eu

KvK (CoC) 09 16 28 93
BTW (VAT) NL8169.78.566.B.01
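
The CertPath wiring described in the reply, as an added example that is not code from the thread or from the JDK: a PKIXCertPathChecker that processes one custom critical extension and is registered through addCertPathChecker and CertPathTrustManagerParameters. The class name, the `oid` and `policy` parameters and the `trustManagers` helper are assumptions made for illustration. As the reply notes, EndEntityChecker has no hook that calls such checkers, so this covers the CertPath side only.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import java.util.function.Predicate;
import javax.net.ssl.*;

/** Added example: processes one custom critical extension during PKIX path validation. */
public class CustomExtensionChecker extends PKIXCertPathChecker {
    private final String oid;                 // dotted OID of the custom extension (caller-supplied)
    private final Predicate<byte[]> policy;   // application rule for the extension value (hypothetical)

    public CustomExtensionChecker(String oid, Predicate<byte[]> policy) {
        this.oid = oid;
        this.policy = policy;
    }

    @Override public void init(boolean forward) throws CertPathValidatorException {
        if (forward) throw new CertPathValidatorException("forward checking not supported");
    }
    @Override public boolean isForwardCheckingSupported() { return false; }
    @Override public Set<String> getSupportedExtensions() { return Collections.singleton(oid); }

    @Override public void check(Certificate cert, Collection<String> unresolvedCritExts)
            throws CertPathValidatorException {
        if (!(cert instanceof X509Certificate)) return;
        // DER OCTET STRING wrapping the extension value, or null when the extension is absent.
        byte[] value = ((X509Certificate) cert).getExtensionValue(oid);
        if (value == null) return;
        if (!policy.test(value)) {
            throw new CertPathValidatorException("extension " + oid + " rejected by policy");
        }
        // Mark the extension as processed so the validator no longer treats it as unrecognized.
        if (unresolvedCritExts != null) unresolvedCritExts.remove(oid);
    }

    /** Wiring from the reply: PKIXParameters.addCertPathChecker, then CertPathTrustManagerParameters. */
    public static TrustManager[] trustManagers(KeyStore trustAnchors, PKIXCertPathChecker checker)
            throws GeneralSecurityException {
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, new X509CertSelector());
        // Revocation checking stays at the PKIXParameters default (enabled); configure CRL/OCSP sources accordingly.
        params.addCertPathChecker(checker);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        return tmf.getTrustManagers();
    }
}
```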
