JDK-8297955

LDAP CertStore should use LdapName and not String for DNs


Details

    • b13
    • Verified


      Description

        The LDAPCertStore implementation passes the Distinguished Names found in CRL and certificate URLs to JNDI APIs such as LdapContext.getAttributes(String) as Strings, and JNDI then treats them as CompositeNames. This causes problems for URLs whose DNs contain forward slashes, because a forward slash is the component separator in a composite name. The implementation should instead pass the DN to JNDI as an LdapName.

        An LDAP URL with a forward slash in the Distinguished Name, such as "ldap://host/cn=foo/123", is compliant with RFC 5280; it should be treated as an LdapName, not a composite name, and should not be rejected.
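The parsing difference described above can be reproduced offline with the public JNDI name classes. This is an added example, not code from the JDK's LDAPCertStore; the class name, the helper `dnFromLdapUrl` and the second sample URL are assumptions made for illustration.

```java
import java.net.URI;
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

public class DnNameParsing {

    // Hypothetical helper: extract the DN from an LDAP URL of the form
    // ldap://host[:port]/dn[?attrs...]. URI.getPath() percent-decodes and
    // excludes the query part, so only the leading '/' has to be dropped.
    static String dnFromLdapUrl(String url) {
        String path = URI.create(url).getPath();
        return (path == null || path.isEmpty()) ? "" : path.substring(1);
    }

    // Print how many components a parsed name has and what they are.
    static void describe(String label, Name name) {
        System.out.println(label + ": " + name.size() + " component(s)");
        for (int i = 0; i < name.size(); i++) {
            System.out.println("      [" + i + "] " + name.get(i));
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample URLs; the first is the one from the description.
        String[] urls = {
            "ldap://host/cn=foo/123",
            "ldap://host/cn=CRL%2F1,ou=pki,o=example?certificateRevocationList"
        };
        for (String url : urls) {
            String dn = dnFromLdapUrl(url);
            System.out.println("DN: " + dn);
            // How JNDI interprets a DN handed over as a String: '/' splits it.
            describe("  CompositeName", new CompositeName(dn));
            // The same DN as one LDAP name: '/' is ordinary data inside an RDN.
            describe("  LdapName     ", new LdapName(dn));
        }
    }
}
```

For "cn=foo/123" the CompositeName has two components ("cn=foo" and "123"), while the LdapName has a single RDN whose value contains the slash.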


              People

                mullan Sean Mullan