JDK-7099399 : cannot deal with CRL file larger than 16MB
Type:Bug
Component:security-libs
Sub-Component:java.security
Affected Version:8
Priority:P4
Status:Closed
Resolution:Fixed
OS:generic
CPU:generic
Submitted:2011-10-11
Updated:2012-09-06
Resolved:2012-09-06
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
The X.509 impl of CertificateFactory only parses X.509 blocks smaller than 16MB, i.e. when the length can be encoded in 3 octets. Now we have a customer whose CRL file is as big as 30MB.
EVALUATION
Although we will fix this bug and support larger CRL files, parsing it consumes huge amount of memory. There might be some deeper problems in the DerInputStream or DerInputBuffer. That will be resolved in 6670894 (already added in See Also).