Trusted certificate with name constraints extension results in failed processing

holodeck-b2b / Holodeck-B2B

Holodeck B2B is an AS4 system-to-system messaging solution that implements the OASIS specifications for ebMS3 and it's AS4 profile. For more information visit the project website

http://holodeck-b2b.org

GNU General Public License v3.0

71 stars 36 forks source link

Trusted certificate with name constraints extension results in failed processing #97

Closed sfieten closed 5 years ago

sfieten commented 5 years ago

When a [CA] certificate that includes the name constraint extension is loaded in trustedcerts.jks the processing of signed messages fails due to a java.lang.IllegalArgumentException: Invalid encoding for NameConstraintsExtension. and an ebMS Other error is returned to the Sender.

sfieten commented 5 years ago

Processing may also fail if a certificate in the chain uses the Policy Constraints extension.