RFR: 8280494: (D)TLS signature schemes [v19]

Sean Mullan mullan at openjdk.java.net
Tue Mar 8 16:46:13 UTC 2022 

On Sun, 6 Mar 2022 05:40:59 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> This update is to support signature schemes customization for individual (D)TLS connection.  Please review the CSR as well:
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
>> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
>> Release-note: https://bugs.openjdk.java.net/browse/JDK-8281290
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   add test for DTLS

Changes requested by mullan (Reviewer).

src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 501:

> 499: 
> 500:             // Note that if the System Property value is not defined (JDK
> 501:             // default value) or empty, the provider-specific default is used.

I think you can remove this comment as it is repeated on lines 507-508 (and makes more sense there).

src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 564:

> 562:                 String[] signatureSchemes) {
> 563: 
> 564:         if (signatureSchemes == null ||  signatureSchemes.length == 0) {

Nit: remove extra space after `||`.

src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 576:

> 574:                     SSLLogger.finest(
> 575:                             "Ignore the signature algorithm (" + ss
> 576:                           + "), unsupported or unavailable");

Should this message be more consistent with the message in `getCustomizedSignatureScheme`?: "The current installed providers do not support signature scheme: " + schemeName

test/jdk/javax/net/ssl/DTLS/DTLSSignatureSchemes.java line 125:

> 123:             testCase.runTest(testCase);
> 124:             if (exceptionExpected) {
> 125:                 throw new RuntimeException("Unexpected success!");

The catch block on line 127 will end up catching this exception and swallowing it, and the test will incorrectly pass.

test/jdk/javax/net/ssl/SSLParameters/SignatureSchemes.java line 81:

> 79:             super.runClientApplication(sslSocket);
> 80:             if (exceptionExpected) {
> 81:                 throw new RuntimeException("Unexpected success!");

The catch block on line 83 will end up catching this exception and swallowing it, and the test will incorrectly pass.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7252

More information about the net-dev mailing list