Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6803376

BasicConstraintsExtension does not encode when (ca==false && pathLen<0)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P4 P4
    • 7
    • 7
    • security-libs
    • b50
    • generic
    • generic
    • Verified

      When trying to encode a BasicConstraintsExtension with ca=false and a default pathlen (-1), the following exception is thrown:

      Caused by: java.io.IOException: No value to encode for the extension!
      at sun.security.x509.Extension.encode(Extension.java:173)
      at sun.security.x509.BasicConstraintsExtension.encode(BasicConstraintsExtension.java:204)

      The reason is the codes below in BasicConstraintsExtension.java,

           private void encodeThis() throws IOException {
               if (ca == false && pathLen < 0) {
                   this.extensionValue = null;
                   return;
               }
               ....

      The ASN.1 definition for the extension (RFC 5280 4.2.1.9) declares both field as optional inside a SEQUENCE.

            weijun Weijun Wang
            weijun Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: