Getting CRL list for certification path fails when there is more than one CRL for the same issuer DN #100

Open
rgala opened this issue Jun 16, 2016 · 0 comments

rgala commented Jun 16, 2016

I'm trying to validate a signature with CRL checking, but it fails with

java.security.SignatureException: Signature does not match.

I have two files containing CRLs for two different CAs, but both have the same issuer DN which, I believe, is causing the problem, because getCRLsForCertPath in class PKIXCertificateValidationProvider is choosing the wrong CRL by matching only the issuer DN of a CRL (I think it should check the key identifier too).

I have attached a sample Maven project to reproduce the issue. It will download the current CRLs from the selected CAs, so you will need an internet connection.

project.zip
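
An added example, not code from the project or from the reporter's attachment: one way to disambiguate CRLs that share an issuer DN is to keep only those whose signature verifies under the issuing CA's public key, used here in place of a key identifier comparison. `CrlSelector` and `crlsIssuedBy` are hypothetical names, and the code assumes each CRL is signed directly by the CA that issued the certificate being checked (no indirect CRLs).

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class CrlSelector {

    /** Returns the CRLs that name the issuer's DN AND verify under the issuer's public key. */
    static List<X509CRL> crlsIssuedBy(X509Certificate issuer, List<X509CRL> candidates) {
        List<X509CRL> matching = new ArrayList<>();
        for (X509CRL crl : candidates) {
            // DN equality alone is ambiguous when two CAs share a subject DN.
            if (!crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                continue;
            }
            try {
                crl.verify(issuer.getPublicKey()); // throws if signed by a different key
                matching.add(crl);
            } catch (GeneralSecurityException e) {
                // Same DN, different key: this CRL belongs to the other CA, skip it.
            }
        }
        return matching;
    }

    // Usage: java CrlSelector issuer.cer first.crl second.crl ...
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate issuer;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            issuer = (X509Certificate) cf.generateCertificate(in);
        }
        List<X509CRL> candidates = new ArrayList<>();
        for (int i = 1; i < args.length; i++) {
            try (InputStream in = Files.newInputStream(Paths.get(args[i]))) {
                candidates.add((X509CRL) cf.generateCRL(in));
            }
        }
        for (X509CRL crl : crlsIssuedBy(issuer, candidates)) {
            System.out.println("usable CRL, thisUpdate=" + crl.getThisUpdate());
        }
    }
}
```

If the returned list is empty, no supplied CRL was signed by that CA key, which should be treated as missing revocation data rather than falling back to a DN-only match.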
