-
Bug
-
Resolution: Fixed
-
P4
-
9
-
None
-
b47
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8084131 | emb-9 | Jason Uh | P4 | Resolved | Fixed | team |
RFC 5280 has obsoleted RFC 3280 and has updated its guidelines for the criticality of the X.509 policy mappings extension and policy constraints extensions.
From RFC 5280:
* Section 4.2.1.5 recommends marking the policy mappings extension
as critical. RFC 3280 required that the policy mappings
extension be marked as non-critical.
* Section 4.2.1.11 requires marking the policy constraints
extension as critical. RFC 3280 permitted the policy
constraints extension to be marked as critical or non-critical.
The current implementation constructs both extensions as non-critical by default. This should be changed.
From RFC 5280:
* Section 4.2.1.5 recommends marking the policy mappings extension
as critical. RFC 3280 required that the policy mappings
extension be marked as non-critical.
* Section 4.2.1.11 requires marking the policy constraints
extension as critical. RFC 3280 permitted the policy
constraints extension to be marked as critical or non-critical.
The current implementation constructs both extensions as non-critical by default. This should be changed.
- backported by
-
JDK-8084131 Change default criticality of policy mappings and policy constraints certificate extensions
-
- Resolved
-