You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by bu...@apache.org on 2007/09/19 15:51:43 UTC

DO NOT REPLY [Bug 43414] - Cannot parse X509 cert with key size longer than 2048 (JRE 1.4)

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43414>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43414


sean.mullan@sun.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO




------- Additional Comments From sean.mullan@sun.com  2007-09-19 06:51 -------
There are a couple of problems with the proposed solution.

First, there are plenty of other places in the code in which other JCE/JCA
engine classes are instantiated without specifying a specific provider. Second,
 one provider may not be the right provider for all of them (for example, they
may not support all of the algorithms you need).

A better solution, in my opinion, is to call the standard
java.security.Security.insertProviderAt API from your application which will
insert your preferred provider(s) at the preference you would like, ex:


    Security.insertProvider(new BouncyCastleProvider(), 1);

This will allow the JRE to fallback and try other installed 
providers if the provider above does not support a requested algorithm or
parameters, etc.

Let me know if this works for you.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.