-
Type:
Enhancement
-
Resolution: Fixed
-
Priority:
P5
-
Affects Version/s: 1.2.2
-
Component/s: security-libs
-
None
-
beta
-
generic
-
generic
Standard PKIX extensions may be "critical" or "non-critical", indicated by
a field in the standard encoding of any extension.
Current classes implementing PKIX extensions allow the caller to control
the criticality setting only through the constructor form that takes a
DER-encoded extension value as input. In most cases, criticality is set
false; for a few extensions, criticality is set true.
While PKIX has recommendations about default criticality of extensions, these
are not mandatory in most cases, and in many cases there is no recommendation.
There should be a straight-forward way to set the criticality of an extension.
a field in the standard encoding of any extension.
Current classes implementing PKIX extensions allow the caller to control
the criticality setting only through the constructor form that takes a
DER-encoded extension value as input. In most cases, criticality is set
false; for a few extensions, criticality is set true.
While PKIX has recommendations about default criticality of extensions, these
are not mandatory in most cases, and in many cases there is no recommendation.
There should be a straight-forward way to set the criticality of an extension.