EndEntityChecker Should Not Process Custom Extensions after PKIX Validation

(Doc ID 2387321.1)

Last updated on APRIL 22, 2018

Applies to:

Java SE JDK and JRE - Version 8 to 8
Information in this document applies to any platform.


On Java SE 8 update 162, while attempting to use TLS to process custom critical extensions in end point certificates, a CertificateException is thrown as shown below: 

This issue is fixed in Java SE 9 and later.  This issue is reproducible using the latest JDK8 update 162 (available at the time of writing). 




Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms