JDK-6958869 : regression: PKIXValidator fails when multiple trust anchors have same dn
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 7
- Priority: P2
- Status: Closed
- Resolution: Fixed
- OS: generic
- CPU: generic
- Submitted: 2010-06-06
- Updated: 2011-03-07
- Resolved: 2011-03-07
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 6 | JDK 7 | Other |
|---|---|---|
6u21Fixed  |
7 b100Fixed |
OpenJDK6Fixed |
Related Reports
|
Relates :
|
Description
Fix for 6948803 breaks PKIXValidator, it checks if the head of a input chain using a Map<X500Principal,Cert>. If there are multiple trust anchors with the same dn, this map is not complete. In this case, a trust anchor might be checked as an intermediate CA. Since the check for an intermediate CA is much more restrictive, some valid chains are rejected.
Comments
|