JDK-8133489 : Better messaging for PKIX path validation matching
- Type: Enhancement
- Component: security-libs
- Sub-Component: javax.net.ssl
- Affected Version: 8,9
- Priority: P4
- Status: Resolved
- Resolution: Fixed
- OS: generic
- CPU: generic
- Submitted: 2015-08-12
- Updated: 2022-06-27
- Resolved: 2019-06-21
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 13 | JDK 14 | JDK 8 | Other |
|---|---|---|---|---|
| 11.0.5-oracleFixed | 13.0.3Fixed | 14 b03Fixed  |
8u241Fixed |
openjdk8u242Fixed |
Related Reports
|
Relates :
|
Description
We should try and be more verbose when it comes to PKIX path validation. Include more information in debug logs where possible. Here's a recent example I worked on : certpath: X509CertSelector.match(SN: xxx1a8ae Issuer: OU=xxxxx CA,OU=Certification Authorities,OU=xxxxx,O=xxxx,C=US Subject: OU=xxx CA4,OU=Certification Authorities,OU=xxxxx,O=xxxx,C=US) certpath: X509CertSelector.match: subject key IDs don't match Print the SKIDs! there are other examples in X509CertSelector also where we can print IDs to debug logs.
Comments
|