RFR: 8326233 Utils#copySSLParameters loses needClientAuth Setting
Daniel Jeliński
djelinski at openjdk.org
Tue Feb 20 09:18:54 UTC 2024
On Tue, 20 Feb 2024 06:24:49 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:
> Can I please get a review for this change which proposes to fix https://bugs.openjdk.org/browse/JDK-8326233?
>
> As noted in the issue, when the `java.net.HttpClient.Builder` is configured with a `SSLParameters` instance whose `needClientAuth` is set to true, then it is expected that the `HttpClient` that's built from such a build will have its `SSLParameters` with `needClientAuth` as `true` and `wantClientAuth` as `false`. But due to a bug in the internal implementation of a the `HttpClient`, the value for `needClientAuth` was getting reset to `false`. The commit in this PR fixes that issue and introduces a jtreg tests which reproduces the issue and verifies the fix.
It wasn't noticed because the wantClientAuth / needClientAuth only make sense on the server side. I wonder if this was detected by code inspection, or if some (application) code actually depends on this.
While at this, I noticed that we don't copy signatureSchemes and namedGroups either. We should probably fix that.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/17923#issuecomment-1953781537
More information about the net-dev
mailing list