[Bug 3083] New: [IcedTea8] Regression in SSL debug output without an ECC provider
bugzilla-daemon at icedtea.classpath.org
Mon Jul 4 16:12:30 UTC 2016
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3083
Bug ID: 3083
Summary: [IcedTea8] Regression in SSL debug output without an ECC provider
Product: IcedTea
Version: 8-hg
Hardware: all
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: IcedTea
Assignee: gnu.andrew at redhat.com
Reporter: gnu.andrew at redhat.com
CC: unassigned at icedtea.classpath.org
https://bugzilla.redhat.com/show_bug.cgi?id=1346460
The methods in ECUtil throw a RuntimeException if they can't get an EC
provider. Given that an EC provider is optional, they should instead return
null. This is especially true as the same code seems happy enough to swallow
exceptions about invalid parameters and return null (i.e. calling code expects
null as failure anyway).
To replicate:

1. Start an OpenJDK TLSv2 server with all EC providers disabled and
   -Djavax.net.debug=ssl,handshake
2. Connect to it with a client that supports ECC e.g.
   openssl s_client -connect <host>:<port>

It will crash when trying to print the curve names:

    Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
    main, handling exception: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: EC AlgorithmParameters not available
    main, SEND TLSv1.2 ALERT: fatal, description = internal_error

The result should be:

    Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
    Extension elliptic_curves, curve names: {secp521r1, secp384r1, secp256r1}
    ...connection continues
--
You are receiving this mail because:
You are on the CC list for the bug.
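
The throwing lookup the report describes, next to the null-returning lookup it asks for, as an added Java example (not the ECUtil source and not the project's patch). `CurveLookupDemo`, its method names and the `EC-disabled` algorithm name are assumptions made for illustration.

```java
import java.security.AlgorithmParameters;
import java.security.NoSuchAlgorithmException;
import java.security.spec.*;
// Added illustration: class and method names are hypothetical, not ECUtil's.
public class CurveLookupDemo {
    // Behaviour the report describes: no provider -> unchecked exception.
    static AlgorithmParameters paramsOrThrow(String alg) {
        try {
            return AlgorithmParameters.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    // Behaviour the report asks for: no provider -> null.
    static AlgorithmParameters paramsOrNull(String alg) {
        try {
            return AlgorithmParameters.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    // Describe a named curve; null signals any failure to the caller.
    static String describe(String alg, String curve) {
        AlgorithmParameters p = paramsOrNull(alg);
        if (p == null) return null; // missing provider
        try {
            p.init(new ECGenParameterSpec(curve));
            ECParameterSpec spec = p.getParameterSpec(ECParameterSpec.class);
            return curve + ", " + spec.getCurve().getField().getFieldSize() + "-bit field";
        } catch (InvalidParameterSpecException e) {
            return null; // invalid parameters: same failure signal
        }
    }

    public static void main(String[] args) {
        // "EC-disabled" is a constructed name no provider registers (EC providers off).
        for (String alg : new String[] {"EC", "EC-disabled"}) {
            String d = describe(alg, "secp256r1");
            System.out.println(alg + ": " + (d != null ? d : "curve details unavailable"));
        }
        try {
            paramsOrThrow("EC-disabled");
        } catch (RuntimeException e) {
            System.out.println("throwing variant: " + e.getCause());
        }
    }
}
```

With the null-returning lookup, a debug printer can skip the curve details and let the handshake continue; the throwing variant turns an optional provider into a fatal error in the caller.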