Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8154947

Avoid server failure when list of authorities in CertificateRequest is too big

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P4
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security-libs

      Description

      Currently the server is just throwing an exception when creating CertificateRequest, if all authorities cannot fit into the maximum allowed vector.

      An alternative approach is to send an empty list instead.
      This is what Microsoft suggests as a possible workaround:
      https://support.microsoft.com/en-us/kb/933430 (Method 3).

      RFC allows sending empty list of authorities:
      http://tools.ietf.org/html/rfc5246

      The behavior can be controlled with a CL switch.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                igerasim Ivan Gerasimov (Inactive)
                Reporter:
                igerasim Ivan Gerasimov (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: