Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8133489

Better messaging for PKIX path validation matching

    XMLWordPrintable

    Details

      Description

      We should try and be more verbose when it comes to PKIX path validation. Include more information in debug logs where possible.

      Here's a recent example I worked on :

      certpath: X509CertSelector.match(SN: xxx1a8ae
        Issuer: OU=xxxxx CA,OU=Certification Authorities,OU=xxxxx,O=xxxx,C=US
        Subject: OU=xxx CA4,OU=Certification Authorities,OU=xxxxx,O=xxxx,C=US)
      certpath: X509CertSelector.match: subject key IDs don't match

      Print the SKIDs! there are other examples in X509CertSelector also where we can print IDs to debug logs.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                coffeys Sean Coffey
                Reporter:
                coffeys Sean Coffey
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: