harmony-commits mailing list archives

From "Ian Payton (JIRA)" <j...@apache.org>
Subject [jira] Created: (HARMONY-6248) Wildcard subjectAltName dNSName entries throw IOException
Date Thu, 25 Jun 2009 15:32:07 GMT
Wildcard subjectAltName dNSName entries throw IOException
---------------------------------------------------------

                 Key: HARMONY-6248
                 URL: https://issues.apache.org/jira/browse/HARMONY-6248
             Project: Harmony
          Issue Type: Bug
          Components: Classlib
            Reporter: Ian Payton


Using the DRLCertFactory JCE provider, calling getSubjectAlternativeNames() on an X509Certificate
throws IOException if the subjectAltName extension in the certificate contains a dNSName entry
with a wildcard (such as "*.example.com").

This is ultimately because GeneralName::checkDNS() does not allow wildcard entries.  RFC3280
and RFC1034 both discuss wildcards, although a strict reading of RFC3280 would *appear* not
to allow for them in a subjectAltName dNSName.  However, RFC3280 explicitly allows for application-specific
semantics of use of wildcards in subjectAltName.  As the Harmony code currently stands, it
is not possible for an application to even retrieve the subjectAltName values if they contain
a dNSName that does not strictly conform to the "preferred name syntax" in RFC1034.  So it
is not possible for an application to make the decision on what semantics to apply to a wildcard
value.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
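
The separation the report asks for, as an added example (not Harmony code and not part of the original message): the certificate layer returns dNSName values unchanged, and the application decides what a wildcard means. The class and method names and the wildcard policy in `matches` are assumptions chosen for illustration; the input list is constructed in the shape `getSubjectAlternativeNames()` returns.

```java
import java.util.*;

public class SanWildcardPolicy {
    static final int DNS_NAME = 2; // GeneralName choice tag for dNSName

    // Extract dNSName values from the Collection<List<?>> that
    // X509Certificate.getSubjectAlternativeNames() returns: each entry is [Integer type, value].
    static List<String> dnsNames(Collection<List<?>> sans) {
        List<String> out = new ArrayList<>();
        if (sans == null) return out; // extension absent
        for (List<?> e : sans) {
            if (e.size() >= 2 && Integer.valueOf(DNS_NAME).equals(e.get(0))
                    && e.get(1) instanceof String) {
                out.add(((String) e.get(1)).toLowerCase(Locale.ROOT));
            }
        }
        return out;
    }

    // Assumed application policy: "*" is honoured only as the entire leftmost label,
    // matches exactly one label, and must be followed by at least two labels.
    static boolean matches(String pattern, String host) {
        host = host.toLowerCase(Locale.ROOT);
        if (!pattern.contains("*")) return pattern.equals(host);
        if (!pattern.startsWith("*.") || pattern.indexOf('*', 1) >= 0) return false;
        String suffix = pattern.substring(1);          // e.g. ".example.com"
        if (suffix.indexOf('.', 1) < 0) return false;  // refuse "*.com" style names
        if (!host.endsWith(suffix)) return false;
        String left = host.substring(0, host.length() - suffix.length());
        return !left.isEmpty() && left.indexOf('.') < 0;
    }

    static boolean hostAllowed(Collection<List<?>> sans, String host) {
        for (String p : dnsNames(sans)) if (matches(p, host)) return true;
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample entries, not taken from a real certificate.
        Collection<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.<Object>asList(2, "*.example.com"));
        sans.add(Arrays.<Object>asList(2, "example.com"));
        sans.add(Arrays.<Object>asList(7, "192.0.2.1")); // iPAddress entry, ignored here
        for (String h : new String[] {"www.example.com", "example.com",
                                      "a.b.example.com", "wwwexample.com"})
            System.out.println(h + " -> " + hostAllowed(sans, h));
    }
}
```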

