Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P4
Fix Version/s: 21
Affects Version/s: None
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b13
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8306287	17.0.8-oracle	Nibedita Jena	P4	Resolved	Fixed	b03
JDK-8307337	17.0.8	Goetz Lindenmaier	P4	Resolved	Fixed	b02
JDK-8310851	11.0.21	Goetz Lindenmaier	P4	Resolved	Fixed	b01
JDK-8306288	11.0.20-oracle	Nibedita Jena	P4	Resolved	Fixed	b03
JDK-8320823	openjdk8u412	Andrew Hughes	P4	Resolved	Fixed	b01

The LDAPCertStore implementation passes Distinguished Names in CRL and Certificate URLs as Strings to JNDI APIs such as LdapContext.getAttributes(String), which then treats them as CompositeNames. This causes issues with URLs that have DNs with forward slashes as a forward slash is treated as a separation character in composite names. Instead, the implementation should be passing the DN to JNDI as an LdapName.

An LDAP URL containing a forward slash in the Distinguished Name such as "ldap://host/cn=foo/123" is compliant with RFC 5280 and should be treated as an LdapName and not a composite name and should not be rejected.

backported by

JDK-8306287 LDAP CertStore should use LdapName and not String for DNs

Resolved

JDK-8306288 LDAP CertStore should use LdapName and not String for DNs

Resolved

JDK-8307337 LDAP CertStore should use LdapName and not String for DNs

Resolved

JDK-8310851 LDAP CertStore should use LdapName and not String for DNs

Resolved

JDK-8320823 LDAP CertStore should use LdapName and not String for DNs

Resolved

duplicates

JDK-8289884 Actalis intermediate CA has invalid name in CRL DP

Closed

relates to

JDK-8312126 NullPointerException in CertStore.getCRLs after 8297955

Closed

links to

Commit openjdk/jdk8u-dev/b2655a72

Commit openjdk/jdk11u-dev/7f1047ed

Commit openjdk/jdk17u-dev/96adf073

Commit openjdk/jdk/df9aad01

Review openjdk/jdk8u-dev/388

Review openjdk/jdk11u-dev/1975

Review openjdk/jdk17u-dev/1303

Review openjdk/jdk/12730

(1 duplicates, 1 relates to, 8 links to)

Assignee:: Sean Mullan

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2022-12-01 06:37

Updated:: 2023-11-27 19:35

Resolved:: 2023-03-03 05:07

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates