Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6958869

regression: PKIXValidator fails when multiple trust anchors have same dn

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P2
    • 7
    • 7
    • security-libs
    • b05
    • b100
    • generic
    • generic
    • Verified

    Backports

      Description

        Fix for 6948803 breaks PKIXValidator, it checks if the head of a input chain using a Map<X500Principal,Cert>. If there are multiple trust anchors with the same dn, this map is not complete. In this case, a trust anchor might be checked as an intermediate CA. Since the check for an intermediate CA is much more restrictive, some valid chains are rejected.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2194316 regression: PKIXValidator fails when multiple trust anchors have same dn

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2194455 regression: PKIXValidator fails when multiple trust anchors have same dn

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved
            relates to

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2193255 CertPath validation regression caused by SHA1 replacement root and MD2 disable feature

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Activity

              People

                weijun Weijun Wang
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: