Posted to commits@harmony.apache.org by "Tim Ellison (JIRA)" <ji...@apache.org> on 2009/06/30 22:28:47 UTC

[jira] Resolved: (HARMONY-6248) [classlib][security] Wildcard subjectAltName dNSName entries throw IOException

     [ https://issues.apache.org/jira/browse/HARMONY-6248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Ellison resolved HARMONY-6248.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 5.0M11

Thanks Ian.

Fix applied to SECURITY module at repo revision r789934.

Please check it resolves the issue for you.


> [classlib][security] Wildcard subjectAltName dNSName entries throw IOException
> ------------------------------------------------------------------------------
>
>                 Key: HARMONY-6248
>                 URL: https://issues.apache.org/jira/browse/HARMONY-6248
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>            Reporter: Ian Payton
>            Assignee: Tim Ellison
>             Fix For: 5.0M11
>
>         Attachments: harmony-6248-v2.patch, harmony-6248.patch
>
>
> Using the DRLCertFactory JCE provider, calling getSubjectAlternativeNames() on an X509Certificate throws IOException if the subjectAltName extension in the certificate contains a dNSName entry with a wildcard (such as "*.example.com").
> This is ultimately because GeneralName::checkDNS() does not allow wildcard entries.  RFC3280 and RFC1034 both discuss wildcards, although a strict reading of RFC3280 would *appear* not to allow for them in a subjectAltName dNSName.  However, RFC3280 explicitly allows for application-specific semantics of use of wildcards in subjectAltName.  As the Harmony code currently stands, it is not possible for an application to even retrieve the subjectAltName values if they contain a dNSName that does not strictly conform to the "preferred name syntax" in RFC1034.  So it is not possible for an application to make the decision on what semantics to apply to a wildcard value.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
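
The split the report asks for, sketched as an added example (not Harmony's code and not the attached patch): a strict RFC 1034 preferred-name check, a relaxed parse-time check that also lets a leftmost "*" label through, and a separate matching step where the application picks the wildcard semantics. The class and method names are hypothetical, and the "one leftmost label" matching rule is an assumed application policy.

```java
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;

public class DnsNameCheck {
    // One label in RFC 1034 "preferred name syntax": starts with a letter,
    // ends with a letter or digit, hyphens only inside, at most 63 characters.
    private static final Pattern LABEL =
            Pattern.compile("[A-Za-z](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?");

    /** Strict check: every dot-separated label must match the preferred syntax. */
    static boolean isStrictDnsName(String name) {
        for (String label : name.split("\\.", -1)) {
            if (!LABEL.matcher(label).matches()) return false;
        }
        return true;
    }

    /** Relaxed parse-time check: "*" is accepted only as the whole leftmost label. */
    static boolean isParseableDnsName(String name) {
        return name.startsWith("*.")
                ? isStrictDnsName(name.substring(2))
                : isStrictDnsName(name);
    }

    /** Application policy (assumption): "*" stands for exactly one leftmost label. */
    static boolean matches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return p.equals(h);
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1));
    }

    public static void main(String[] args) {
        // Constructed dNSName values, not taken from a real certificate.
        List<String> sans = List.of("www.example.com", "*.example.com",
                "a.*.example.com", "-bad.example.com");
        for (String san : sans) {
            System.out.printf("%-18s strict=%-5b parseable=%b%n",
                    san, isStrictDnsName(san), isParseableDnsName(san));
        }
        for (String host : List.of("mail.example.com", "a.b.example.com", "example.com")) {
            System.out.printf("*.example.com vs %-18s -> %b%n",
                    host, matches("*.example.com", host));
        }
    }
}
```

Keeping the parse-time check and the matching policy in separate methods means a wildcard entry can be read out of the certificate without the parser deciding what the wildcard is allowed to cover.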