bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License

Down cast of UrlConnection without check in CrlCache (fails in case of FTP CRL distribution) #1867

Closed fejpet closed 1 week ago

fejpet commented 2 weeks ago

This is a downcast without a check; it throws an exception when an FtpUrlConnection is used, but the issue is hidden by the catch (Exception e) at "CertPathValidatorUtilities.java:785". As the TODO mentions, a log would be useful.

The SSL connection will fail with the following message: "Caused by: org.bouncycastle.jce.provider.RecoverableCertPathValidatorException: No CRLs found for issuer", because the FTP-based CRL could not be downloaded.

You can reproduce with a certificate which contains an FTP CRL distribution point only.

https://github.com/bcgit/bc-java/blob/7315f8363295bf804fc536eb52debf39059b803b/prov/src/main/java/org/bouncycastle/jce/provider/CrlCache.java#L128

dghgit commented 1 week ago

Weird... I've removed the downcast. Thanks for the report.
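
The failure mode reported in this issue, as an added example that is not Bouncy Castle's code: an unchecked cast to `HttpURLConnection` throws `ClassCastException` for an `ftp:` distribution point, while a type check keeps both schemes usable. The class name, method names, URIs, timeouts and the HTTP-only setting (`setInstanceFollowRedirects`) are assumptions made for illustration.

```java
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URLConnection;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration with hypothetical names; not the CrlCache implementation.
public class CrlConnectionDemo {
    private static final Logger LOG = Logger.getLogger("crl-fetch");

    // Pattern from the report: every connection is cast to HttpURLConnection.
    static URLConnection openUnchecked(URI dp) throws Exception {
        // Throws ClassCastException when the JDK returns an FTP connection.
        HttpURLConnection c = (HttpURLConnection) dp.toURL().openConnection();
        c.setInstanceFollowRedirects(true); // assumed HTTP-only setting
        return c;
    }

    // Checked form: HTTP-only settings are applied only to HTTP(S) connections.
    static URLConnection openChecked(URI dp) throws Exception {
        URLConnection c = dp.toURL().openConnection();
        if (c instanceof HttpURLConnection) {
            ((HttpURLConnection) c).setInstanceFollowRedirects(true);
        }
        c.setConnectTimeout(15_000); // defined on URLConnection, valid for any scheme
        c.setReadTimeout(15_000);
        return c;
    }

    public static void main(String[] args) throws Exception {
        // Constructed distribution point URIs; openConnection() performs no network I/O.
        String[] points = { "http://crl.example.test/ca.crl", "ftp://crl.example.test/ca.crl" };
        for (String p : points) {
            URI dp = URI.create(p);
            try {
                openUnchecked(dp);
                System.out.println("unchecked ok: " + p);
            } catch (Exception e) {
                // Logged rather than swallowed, so a later "No CRLs found" has a visible cause.
                LOG.log(Level.WARNING, "CRL fetch setup failed for " + p, e);
            }
            String type = openChecked(dp).getClass().getSimpleName();
            System.out.println("checked: " + p + " -> " + type);
        }
    }
}
```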