Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8154947

Avoid server failure when list of authorities in CertificateRequest is too big

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P4
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security-libs

      Description

      Currently the server is just throwing an exception when creating CertificateRequest, if all authorities cannot fit into the maximum allowed vector.

      An alternative approach is to send an empty list instead.
      This is what Microsoft suggests as a possible workaround:
      https://support.microsoft.com/en-us/kb/933430 (Method 3).

      RFC allows sending empty list of authorities:
      http://tools.ietf.org/html/rfc5246

      The behavior can be controlled with a CL switch.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              igerasim Ivan Gerasimov
              Reporter:
              igerasim Ivan Gerasimov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: