JDK-8054380

DNSName should be verified when parsing an X509Certificate


      Description

      1. DNSName only accepts letters as the first character. RFC 1123 has relaxed that restriction:

      RFC 1123, Section 2.1:
      > One aspect of host name syntax is hereby changed: the
      > restriction on the first character is relaxed to allow either a
      > letter or a digit. Host software MUST support this more liberal
      > syntax.

      2. RFC 952 specifies that an LDH (Letter-Digit-Hyphen) label may only end with a letter or digit. We should remove hyphens from the set of permissible terminal characters in a label.

      3. No verification of a DNSName occurs when parsing an X509Certificate. Verification only occurs when creating a certificate (for example, with keytool). Fix this so that verification runs for both parsing and creation.
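
The three rules above can be written as a stand-alone check. This is an added example, not code from the JDK or from this issue. The class and method names are hypothetical, and applying the rules to every label, rejecting empty labels, and leaving wildcard labels and length limits unhandled are assumptions of the example.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public class DnsNameCheck {                      // hypothetical name, not a JDK class
    private static final int SAN_DNS_NAME = 2;   // GeneralName tag for dNSName (RFC 5280)

    private static boolean isLetterOrDigit(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
    }

    /** True if every dot-separated label is LDH and starts and ends with a letter or digit. */
    static boolean isValid(String name) {
        if (name == null || name.isEmpty()) return false;
        for (String label : name.split("\\.", -1)) {          // -1 keeps empty trailing labels
            if (label.isEmpty()) return false;                // assumption: empty labels rejected
            if (!isLetterOrDigit(label.charAt(0))) return false;                  // item 1 (RFC 1123)
            if (!isLetterOrDigit(label.charAt(label.length() - 1))) return false; // item 2 (RFC 952)
            for (int i = 1; i < label.length() - 1; i++) {
                char c = label.charAt(i);
                if (!isLetterOrDigit(c) && c != '-') return false;
            }
        }
        return true;
    }

    /** Item 3: run the same check on a parsed certificate; returns dNSName SAN entries that fail. */
    static List<String> invalidDnsNames(X509Certificate cert) throws CertificateParsingException {
        List<String> bad = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when there is no SAN extension
        if (sans == null) return bad;
        for (List<?> san : sans) {
            if (((Integer) san.get(0)).intValue() == SAN_DNS_NAME && !isValid((String) san.get(1))) {
                bad.add((String) san.get(1));
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from the issue.
        String[] samples = {"example.com", "3com.example", "host-.example.com", "-host.example.com", "a..b"};
        for (String s : samples) {
            System.out.println(s + " -> " + (isValid(s) ? "valid" : "invalid"));
        }
    }
}
```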


              People

              Assignee:
              coffeys Sean Coffey
              Reporter:
              juh Jason Uh (Inactive)