Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 1.3.1_10
Affects Version/s: 1.3.1_07, 1.4.0
Component/s: security-libs
Labels:
None

Subcomponent:
java.security
Resolved In Build:
10
CPU:

generic, sparc
OS:

generic, solaris_8
Verification:
Verified

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-2045306	1.4.0	Andreas Sterbenz	P3	Resolved	Fixed	beta2

Description

CRLReasonCodeExtension throws an exception if it encounters an unrecognized reason code. This is not compliant with X.509 or the latest PKIX specs (as noted in Appendix B of draft-ietf-pkix-new-part1-07.txt), which say that unrecognized revocation reason codes should be ignored.

Because of this behavior, our PKIX CertPathVerifier and CertPathBuilder are not strictly PKIX compliant. In fact, they reject any CRL that contains one of the new reason codes added to X.509(2000) and draft-ietf-pkix-new-part1-07.txt: privilegeWithdrawn and aACompromise.

Attachments

Issue Links

backported by

JDK-2045306 Unknown revocation reasons aren't handled well

Resolved

duplicates

JDK-4908982 sun.security.x509.CRLExtensions failure for parsing the CRL with reason code 9

Closed

relates to

JDK-4479530 New revocation reasons should be supported

Resolved

Activity

People

Assignee:: Andreas Sterbenz

Reporter:: J. Duke

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 2001-07-12 14:00

Updated:: 2003-11-07 08:59

Resolved:: 2001-08-03 15:37

Imported:: 16/Sep/12 1:58 AM

Indexed:: 17/Jul/12 10:01 PM