> On 24 Mar 2015, at 14:12, Sean Mullan <sean.mul...@oracle.com> wrote:
>
> On 03/24/2015 08:53 AM, Jan Willem Janssen wrote:
>>
>> When an X509TrustManager validates an endpoint certificate containing a
>> critical custom extension the sun.security.validator.EndEntityChecker
>> will always fail. While this is correct behaviour, and according to
>> the spec, there appears no way of adding support for custom critical
>> extensions on endpoint certificates?!
>
> The CertPath API allows you to create your own PKIXCertPathChecker to process
> custom extensions. This could then be added to the
> CertPathTrustManagerParameters (via the addCertPathChecker method of
> PKIXParameters), but it looks like there is no hook in the EndEntityChecker
> to call the PKIXCertPathCheckers.

Yes, that is also what I was doing, but was a little surprised that
EndEntityChecker didn’t take any of those custom PKIXCertPathCheckers into
consideration.

> I'll file a bug.

Thanks for the clarification, Sean!

--
Met vriendelijke groeten | Kind regards

Jan Willem Janssen | Software Architect
+31 631 765 814

My world is revolving around INAETICS and Amdatu

Luminis Technologies B.V.
Churchillplein 1
7314 BZ Apeldoorn
+31 88 586 46 00

http://www.luminis-technologies.com
http://www.luminis.eu

KvK (CoC) 09 16 28 93
BTW (VAT) NL8169.78.566.B.01
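Added example, not code from this thread or from the JDK: the approach discussed above, a PKIXCertPathChecker registered through PKIXParameters.addCertPathChecker and handed to the trust manager via CertPathTrustManagerParameters. The OID, the class names and the "reject an empty value" policy are hypothetical; as the thread notes, EndEntityChecker has no hook for these checkers, so an end-entity certificate carrying the critical extension can still be rejected by the X509TrustManager.

```java
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class CustomCriticalExtensionDemo {
    // Hypothetical OID standing in for the custom critical extension.
    static final String CUSTOM_OID = "1.3.6.1.4.1.99999.1";

    /** Processes the custom extension so path validation no longer sees it as unresolved. */
    static class CustomExtensionChecker extends PKIXCertPathChecker {
        @Override public void init(boolean forward) throws CertPathValidatorException {
            if (forward) throw new CertPathValidatorException("forward checking not supported");
        }
        @Override public boolean isForwardCheckingSupported() { return false; }
        @Override public Set<String> getSupportedExtensions() {
            return Collections.singleton(CUSTOM_OID);
        }
        @Override public void check(Certificate cert, Collection<String> unresolvedCritExts)
                throws CertPathValidatorException {
            byte[] value = ((X509Certificate) cert).getExtensionValue(CUSTOM_OID);
            if (value == null) return; // extension not present on this certificate
            // Payload policy is application-specific; assumption here: reject an empty value
            // (getExtensionValue returns the DER OCTET STRING wrapper, so "04 00" is empty).
            if (value.length <= 2) throw new CertPathValidatorException("empty custom extension");
            if (unresolvedCritExts != null) unresolvedCritExts.remove(CUSTOM_OID); // mark handled
        }
    }

    /** PKIX trust managers whose certification path validation runs the checker above. */
    static TrustManager[] trustManagers(Set<TrustAnchor> anchors) throws Exception {
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, new X509CertSelector());
        params.setRevocationEnabled(false); // demo assumption; configure CRL/OCSP if you enable it
        params.addCertPathChecker(new CustomExtensionChecker());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // Use the JDK's default trusted CAs as anchors so the demo needs no external files.
        TrustManagerFactory def = TrustManagerFactory.getInstance("PKIX");
        def.init((java.security.KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate ca : ((X509TrustManager) def.getTrustManagers()[0]).getAcceptedIssuers())
            anchors.add(new TrustAnchor(ca, null));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagers(anchors), null);
        System.out.println("SSLContext ready with " + anchors.size() + " trust anchors");
    }
}
```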