dghgit
commented
1 month ago Weird... I've removed the downcast. Thanks for the report.
Closed fejpet closed 1 month ago
dghgit
commented
1 month ago Weird... I've removed the downcast. Thanks for the report.
This is a down casting without check throws an exception in case of FtpUrlConnection is used, but this issue is hidden by "CertPathValidatorUtilities.java:785" catch (Exception e) as todo mention a log would be useful.
The SSL connection will fail with following message: "Caused by: org.bouncycastle.jce.provider.RecoverableCertPathValidatorException: No CRLs found for issuer", because the ftp based crl could not be downloaded.
You can reproduce with a certificate which contains an FTP CRL distribution point only.
https://github.com/bcgit/bc-java/blob/7315f8363295bf804fc536eb52debf39059b803b/prov/src/main/java/org/bouncycastle/jce/provider/CrlCache.java#L128