OpenJDK / jdk / jdk

changeset 51084:2282560a3d29

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8207029: Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21 Reviewed-by: wetmore
author xuelei
date Fri, 13 Jul 2018 07:08:59 -0700
parents d2e182aa44c9
children ad9d95f1a1f6
files src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
diffstat 1 files changed, 26 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java	Fri Jul 13 07:01:51 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java	Fri Jul 13 07:08:59 2018 -0700
@@ -73,12 +73,20 @@
             boolean withDefaultCertPathConstraints) {
         AlgorithmConstraints configuredConstraints = null;
         if (socket != null) {
-            HandshakeContext hc =
-                    ((SSLSocketImpl)socket).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
+            // Note that the KeyManager or TrustManager implementation may be
+            // not implemented in the same provider as SSLSocket/SSLEngine.
+            // Please check the instance before casting to use SSLSocketImpl.
+            if (socket instanceof SSLSocketImpl) {
+                HandshakeContext hc =
+                        ((SSLSocketImpl)socket).conContext.handshakeContext;
+                if (hc != null) {
+                    configuredConstraints = hc.sslConfig.algorithmConstraints;
+                } else {
+                    configuredConstraints = null;
+                }
             } else {
-                configuredConstraints = null;
+                configuredConstraints =
+                        socket.getSSLParameters().getAlgorithmConstraints();
             }
         }
         this.userSpecifiedConstraints = configuredConstraints;
@@ -90,12 +98,20 @@
             boolean withDefaultCertPathConstraints) {
         AlgorithmConstraints configuredConstraints = null;
         if (engine != null) {
-            HandshakeContext hc =
-                    ((SSLEngineImpl)engine).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
+            // Note that the KeyManager or TrustManager implementation may be
+            // not implemented in the same provider as SSLSocket/SSLEngine.
+            // Please check the instance before casting to use SSLEngineImpl.
+            if (engine instanceof SSLEngineImpl) {
+                HandshakeContext hc =
+                        ((SSLEngineImpl)engine).conContext.handshakeContext;
+                if (hc != null) {
+                    configuredConstraints = hc.sslConfig.algorithmConstraints;
+                } else {
+                    configuredConstraints = null;
+                }
             } else {
-                configuredConstraints = null;
+                configuredConstraints =
+                        engine.getSSLParameters().getAlgorithmConstraints();
             }
         }
         this.userSpecifiedConstraints = configuredConstraints;
© 2007, Oracle and/or its affiliates
Terms of Use · Privacy · Trademarks