United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-7099399 cannot deal with CRL file larger than 16MB
JDK-7099399 : cannot deal with CRL file larger than 16MB

Details
Type:
Bug
Submit Date:
2011-10-11
Status:
Closed
Updated Date:
2012-09-06
Project Name:
JDK
Resolved Date:
2012-09-06
Component:
security-libs
OS:
generic
Sub-Component:
java.security
CPU:
generic
Priority:
P4
Resolution:
Fixed
Affected Versions:
8
Fixed Versions:

Related Reports
Backport:
Relates:

Sub Tasks

Description
The X.509 impl of CertificateFactory only parses X.509 blocks smaller than 16MB, i.e. when the length can be encoded in 3 octets. Now we have a customer whose CRL file is as big as 30MB.

                                    

Comments
EVALUATION

Although we will fix this bug and support larger CRL files, parsing it consumes huge amount of memory. There might be some deeper problems in the DerInputStream or DerInputBuffer. That will be resolved in 6670894 (already added in See Also).
                                     
2011-10-12
EVALUATION

http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6cb07b35acf5
                                     
2011-10-17



Hardware and Software, Engineered to Work Together