- Bug
- Resolution: Fixed
- P3
- 1.3.1_07, 1.4.0
- None
- 10
- generic, sparc
- generic, solaris_8
- Verified

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2045306 | 1.4.0 | Andreas Sterbenz | P3 | Resolved | Fixed | beta2 |
CRLReasonCodeExtension throws an exception if it encounters an unrecognized reason code. This is not compliant with X.509 or the latest PKIX specs (as noted in Appendix B of draft-ietf-pkix-new-part1-07.txt), which say that unrecognized revocation reason codes should be ignored.
Because of this behavior, our PKIX CertPathVerifier and CertPathBuilder are not strictly PKIX compliant. In fact, they reject any CRL that contains one of the new reason codes added to X.509(2000) and draft-ietf-pkix-new-part1-07.txt: privilegeWithdrawn and aACompromise.
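
The difference between rejecting and ignoring an unrecognized reason code, as an added Java example (not the JDK's own code). The class name, method names and the `KNOWN` set are assumptions for illustration, and the byte arrays are constructed samples in the form `X509CRLEntry.getExtensionValue("2.5.29.21")` returns (a DER OCTET STRING wrapping an ENUMERATED).

```java
import java.io.IOException;
import java.util.OptionalInt;
import java.util.Set;

public class ReasonCodeDemo {
    // Assumption: codes an older parser recognizes (no 9 or 10).
    static final Set<Integer> KNOWN = Set.of(0, 1, 2, 3, 4, 5, 6, 8);

    // Decodes 04 03 0A 01 <code>. Malformed DER is always an error.
    static int decodeReason(byte[] ext) throws IOException {
        if (ext == null || ext.length != 5
                || ext[0] != 0x04 || ext[1] != 3      // OCTET STRING, 3 bytes
                || ext[2] != 0x0A || ext[3] != 1      // ENUMERATED, 1 byte
                || ext[4] < 0) {                      // negative value
            throw new IOException("malformed reasonCode extension");
        }
        return ext[4];
    }

    // Behaviour described in the report: an unknown code fails the parse,
    // so the whole CRL containing the entry is rejected.
    static int strict(byte[] ext) throws IOException {
        int code = decodeReason(ext);
        if (!KNOWN.contains(code)) {
            throw new IOException("unknown reason code: " + code);
        }
        return code;
    }

    // Behaviour the specs ask for: an unknown code is ignored. The entry
    // is still a revocation; only the reason is left unset.
    static OptionalInt tolerant(byte[] ext) throws IOException {
        int code = decodeReason(ext);
        return KNOWN.contains(code) ? OptionalInt.of(code) : OptionalInt.empty();
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: keyCompromise(1), privilegeWithdrawn(9), aACompromise(10)
        for (int code : new int[] {1, 9, 10}) {
            byte[] ext = {0x04, 0x03, 0x0A, 0x01, (byte) code};
            String s;
            try { s = "accepted " + strict(ext); }
            catch (IOException e) { s = "rejected (" + e.getMessage() + ")"; }
            System.out.println(code + ": strict=" + s + ", tolerant=" + tolerant(ext));
        }
    }
}
```

Only the unrecognized value is tolerated here; a malformed encoding still raises an error in both paths.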

- backported by
  - JDK-2045306 Unknown revocation reasons aren't handled well (Resolved)
- duplicates
  - JDK-4908982 sun.security.x509.CRLExtensions failure for parsing the CRL with reason code 9 (Closed)
- relates to
  - JDK-4479530 New revocation reasons should be supported (Resolved)