Bug ID: JDK-6958869 regression: PKIXValidator fails when multiple trust anchors have same dn

Details
Type: Bug
Submit Date: 2010-06-06
Status: Closed
Updated Date: 2011-03-07
Project Name: JDK
Resolved Date: 2011-03-07
Component: security-libs
OS: generic
Sub-Component: java.security
CPU: generic
Priority: P2
Resolution: Fixed
Affected Versions: 7
Fixed Versions:

Description
The fix for 6948803 breaks PKIXValidator: it checks the head of an input chain using a Map<X500Principal,Cert>. If there are multiple trust anchors with the same dn, this map is not complete. In this case, a trust anchor might be checked as an intermediate CA. Since the check for an intermediate CA is much more restrictive, some valid chains are rejected.

                                    

Comments
EVALUATION

Change Map<X500Principal,Cert> into Map<X500Principal,List<Cert>> so that it's complete.
                                     
2010-06-08
EVALUATION

http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b1ec20722051
                                     
2010-06-11
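
The lookup problem described above, as an added example that is not the JDK's own code. It is a simplified model: `Anchor` stands in for a certificate (subject DN plus public key), matching by public key is an assumption, and the DN, class and method names are constructed for illustration. It uses a record, so it needs Java 16 or later.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class SameDnAnchors {
    // Simplified stand-in for an X509Certificate: subject DN plus public key.
    record Anchor(X500Principal subject, PublicKey key) {}

    // Single-valued map: a later anchor with the same DN replaces the earlier one,
    // so the earlier anchor is no longer recognised as a trust anchor.
    static boolean isAnchorSingle(Map<X500Principal, Anchor> m, Anchor head) {
        Anchor a = m.get(head.subject());
        return a != null && a.key().equals(head.key());
    }

    // List-valued map: every anchor sharing the DN is kept and compared.
    static boolean isAnchorMulti(Map<X500Principal, List<Anchor>> m, Anchor head) {
        for (Anchor a : m.getOrDefault(head.subject(), List.of())) {
            if (a.key().equals(head.key())) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        // Constructed DN shared by two distinct trust anchors (e.g. a re-keyed root).
        X500Principal dn = new X500Principal("CN=Example Root CA, O=Example");
        Anchor oldRoot = new Anchor(dn, kpg.generateKeyPair().getPublic());
        Anchor newRoot = new Anchor(dn, kpg.generateKeyPair().getPublic());

        Map<X500Principal, Anchor> single = new HashMap<>();
        Map<X500Principal, List<Anchor>> multi = new HashMap<>();
        for (Anchor a : List.of(oldRoot, newRoot)) {
            single.put(a.subject(), a); // second put overwrites the first
            multi.computeIfAbsent(a.subject(), k -> new ArrayList<>()).add(a);
        }

        // Treat each anchor in turn as the head of an input chain.
        for (Anchor head : List.of(oldRoot, newRoot)) {
            System.out.printf("single=%b multi=%b%n",
                isAnchorSingle(single, head), isAnchorMulti(multi, head));
        }
    }
}
```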


