Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8133489

Better messaging for PKIX path validation matching

    Details

    • Subcomponent:
    • Resolved In Build:
      b03
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description

        We should try and be more verbose when it comes to PKIX path validation. Include more information in debug logs where possible.

        Here's a recent example I worked on :

        certpath: X509CertSelector.match(SN: xxx1a8ae
          Issuer: OU=xxxxx CA,OU=Certification Authorities,OU=xxxxx,O=xxxx,C=US
          Subject: OU=xxx CA4,OU=Certification Authorities,OU=xxxxx,O=xxxx,C=US)
        certpath: X509CertSelector.match: subject key IDs don't match

        Print the SKIDs! there are other examples in X509CertSelector also where we can print IDs to debug logs.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  coffeys Sean Coffey
                  Reporter:
                  coffeys Sean Coffey
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: