JDK-8074935 : jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 8u91,9
- Priority: P3
- Status: Closed
- Resolution: Fixed
- Submitted: 2015-03-11
- Updated: 2018-05-03
- Resolved: 2015-03-23
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 8 | JDK 9 |
|---|---|
8u101Fixed  |
9 b57Fixed |
Related Reports
|
Duplicate :
|
|
|
Relates :
|
|
|
Relates :
|
Description
jdk7 keytool used to validate that input pem files were RFC 1421 compliant, but jdk8 keytool no longer does so, which seems like a bug. (but may be intentional; hard to tell) See http://en.wikipedia.org/wiki/Base64#Privacy-enhanced_mail SSCCE: $ (keytool7=$HOME/jdk/jdk7/bin/keytool keytool8=$HOME/jdk/jdk8/bin/keytool; perl -pe 's/^([A-Za-z])/!\1/' ./test/java/security/cert/CertPathValidator/OCSP/RootCert.pem > /tmp/corrupted.pem; echo 7: ; $keytool7 -printcert -file /tmp/corrupted.pem | head; echo 8: ; $keytool8 -printcert -file /tmp/corrupted.pem | head -3;) 7: keytool error: java.lang.Exception: Failed to parse input 8: Owner: CN=Root CA, O=Sun, C=US Issuer: CN=Root CA, O=Sun, C=US Serial number: 0
Comments
|