Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8133489

Better messaging for PKIX path validation matching

    XMLWordPrintable

Details

    • b03
    • generic
    • generic

    Backports

      Description

        We should try and be more verbose when it comes to PKIX path validation. Include more information in debug logs where possible.

        Here's a recent example I worked on :

        certpath: X509CertSelector.match(SN: xxx1a8ae
          Issuer: OU=xxxxx CA,OU=Certification Authorities,OU=xxxxx,O=xxxx,C=US
          Subject: OU=xxx CA4,OU=Certification Authorities,OU=xxxxx,O=xxxx,C=US)
        certpath: X509CertSelector.match: subject key IDs don't match

        Print the SKIDs! there are other examples in X509CertSelector also where we can print IDs to debug logs.

        Attachments

          Issue Links

            Activity

              People

                coffeys Sean Coffey
                coffeys Sean Coffey
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: