malformed certificate in existing store prevents opening the store at all
janmaesiptor opened this issue · 1 comments
A malformed certificate in an existing store prevents opening the store at all.
Starting with BouncyCastle version 1.58, stricter ASN1 decoding is enforced.
When opening a store that contains a certificate with malformed ASN1 integer encoding, BC doesn't load the keystore but instead throws an exception.
There's a BC option that can be set in System properties to allow parsing of malformed ASN.1 integers in a similar fashion to what BC 1.56 did. The option is org.bouncycastle.asn1.allow_unsafe_integer.
Note that BC failing to load a PKCS12 store causes Portecle to open it as a JKS store under Java 8+.
The same problem was shown in issue #57: this causes reduced functionality and possible keystore corruption.
Attached a zip containing a PKCS12 store with a malformed certificate as received from a communication partner. The keystore password is: one
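Added example, not part of the original issue and not Portecle or BouncyCastle code: a small DER walker that locates INTEGER fields in a DER-encoded certificate whose encoding is not minimal, so the offending field can be identified before deciding whether to enable org.bouncycastle.asn1.allow_unsafe_integer. It assumes "malformed" here means a violation of the X.690 minimal-encoding rule for INTEGER (the issue does not say which defect the attached certificate has); the function names and the sample bytes are constructed for illustration.

```python
"""Locate non-minimal DER INTEGER encodings (added example, constructed data)."""

def read_tlv(buf, pos):
    """Return (tag, constructed, value_start, value_end) for the TLV at pos."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this sketch")
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not DER")
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past end of input")
    return tag, bool(tag & 0x20), pos, end

def is_malformed_integer(content):
    """X.690 8.3.2: empty content, or first nine bits all zero or all one."""
    if len(content) == 0:
        return True
    if len(content) == 1:
        return False
    return (content[0] == 0x00 and content[1] < 0x80) or \
           (content[0] == 0xFF and content[1] >= 0x80)

def find_malformed_integers(der, start=0, end=None, path=()):
    """Walk nested TLVs; return [(path, offset, hex_content)] for bad INTEGERs."""
    end = len(der) if end is None else end
    hits, pos, index = [], start, 0
    while pos < end:
        tag, constructed, v0, v1 = read_tlv(der, pos)
        here = path + (index,)
        if tag == 0x02 and is_malformed_integer(der[v0:v1]):
            hits.append((here, pos, der[v0:v1].hex()))
        elif constructed:                 # descend into SEQUENCE, SET, [n] EXPLICIT
            hits += find_malformed_integers(der, v0, v1, here)
        pos, index = v1, index + 1
    return hits

# Constructed sample, not a real certificate:
# SEQUENCE { [0]{INTEGER 02}, INTEGER 00 00 A1 (padded), INTEGER 00 A1 (valid) }
SAMPLE = bytes.fromhex("300e" "a003020102" "02030000a1" "020200a1")
```

Each hit gives the nesting path, the byte offset of the INTEGER tag and its content bytes, which is enough to tell whether the defect sits in the serial number, a key parameter or a signature value.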