  1. JDK
  2. JDK-6535697

keytool can be more flexible on format of PEM-encoded X.509 certificates

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P5
    • Resolution: Fixed
    • Affects Version/s: 7
    • Fix Version/s: 7
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b50
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Description

      Currently, keytool is very strict on the format of PEM-encoded X.509 certificates. The file must start with "-----BEGIN CERTIFICATE" and end with "-----END CERTIFICATE"; there can be no other words (including blank lines) before or after the "-----" line.

      Tools like openssl often output certificates with text before the "---- BEGIN" line. Users have to strip these characters before feeding it to keytool.


          Activity

          weijun Weijun Wang added a comment -
          BT2:EVALUATION

          Reasonable suggestion.

          Currently being strict, keytool (or inside, the X509Factory.generateCertificates method) can correctly import a certificate chain that's ASCII and binary mixed without any prior info. A "smarter" keytool must --

          1. Behave precisely and simply
          2. Detect garbage text (before and after real data)
          3. Be compatible
          weijun Weijun Wang added a comment - BT2:EVALUATION http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9b1bc2e28518
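
The stripping step that the description says users must do by hand, written as an added shell example (not code from the JDK change or from this issue). The helper name `pem_certs_only`, the sample text, and the `ALIAS`/`KEYSTORE` placeholders are assumptions made for illustration.

```shell
#!/bin/sh
# pem_certs_only: hypothetical helper (not part of keytool or openssl).
# Copies only complete BEGIN/END CERTIFICATE blocks from stdin to stdout.
pem_certs_only() {
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF input
        /^-----BEGIN CERTIFICATE-----[ \t]*$/ {
            inblock = 1; n = 0                      # drops any unterminated block
            buf[++n] = "-----BEGIN CERTIFICATE-----"
            next
        }
        inblock && /^-----END CERTIFICATE-----[ \t]*$/ {
            if (n > 1) {                            # ignore blocks with no body
                for (i = 1; i <= n; i++) print buf[i]
                print "-----END CERTIFICATE-----"
                found++
            }
            inblock = 0
            next
        }
        inblock {
            if ($0 ~ /^[ \t]*$/) next               # skip blank lines in a body
            if ($0 ~ /^[A-Za-z0-9+\/=]+$/) buf[++n] = $0
            else inblock = 0                        # non-base64 line voids the block
        }
        END { exit (found ? 0 : 1) }                # non-zero if nothing usable
    '
}

sample_input() {
    # Constructed sample: openssl-style text before the PEM data, one complete
    # block with a placeholder body (not a real certificate), one truncated block.
    cat <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
-----BEGIN CERTIFICATE-----
TUlJQ3BsYWNlaG9sZGVyQm9keQ==
-----END CERTIFICATE-----
trailing notes
-----BEGIN CERTIFICATE-----
TUlJQ3RydW5jYXRlZA==
EOF
}

# Usage with a keytool that lacks this fix (ALIAS and KEYSTORE are placeholders):
#   pem_certs_only < openssl-output.txt | keytool -importcert -alias ALIAS -keystore KEYSTORE
sample_input | pem_certs_only
```

The filter exits non-zero when no complete block is found, so a pipeline can stop before keytool is given empty input.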

            People

            • Assignee:
              weijun Weijun Wang
              Reporter:
              weijun Weijun Wang