RFR: 8326381: com.sun.net.httpserver.HttpsParameters and SSLStreams incorrectly handle needClientAuth and wantClientAuth [v7]

Jaikiran Pai jpai at openjdk.org
Wed Mar 6 14:52:05 UTC 2024 

> Can I please get a review of this change which proposes to fix https://bugs.openjdk.org/browse/JDK-8326381?
> 
> As noted in the JBS issue, the implementation in `setNeedClientAuth()` and `setWantClientAuth()` of `com.sun.net.httpserver.HttpsParameters` wasn't matching the API specification. The commit in this PR fixes that issue and it now matches the API specification as well as what is done in `javax.net.ssl.SSLParameters` class.
> 
> Additionally, as noted in the JBS issue, the (internal class) `sun.net.httpserver.SSLStreams` had a bug where it could end up resetting the `needClientAuth` flag on the `SSLEngine` because of the way the `setNeedClientAuth()` and `setWantClientAuth()` methods were being called on the `SSLEngine`. This too has been fixed in this PR.
> 
> A new jtreg test has been introduced to reproduce the issue in the `HttpsParameters` class and verify this fix.

Jaikiran Pai has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 16 additional commits since the last revision:

 - merge latest from master branch
 - use the recently updated exception message
 - merge latest from master branch
 - merge latest from master branch
 - simplify the test when verifying that client did present the certs to the server
 - Revert "assert that client auth was indeed initiated by server during TLS handshake"
   
   This reverts commit 9fddecb09fcace14dc758cc23517e386b9e9b454.
 - John's review - set need/wantClientAuth to false and expect both need/wantClientAuth to be false
 - assert that client auth was indeed initiated by server during TLS handshake
 - undo changes to SimpleSSLContext in test library
 - Daniel's input for deprecation text
 - ... and 6 more: https://git.openjdk.org/jdk/compare/6c3e1eab...512aad52

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/17940/files
  - new: https://git.openjdk.org/jdk/pull/17940/files/0d6a6a0c..512aad52

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=17940&range=06
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=17940&range=05-06

  Stats: 19901 lines in 1287 files changed: 11191 ins; 4056 del; 4654 mod
  Patch: https://git.openjdk.org/jdk/pull/17940.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/17940/head:pull/17940

PR: https://git.openjdk.org/jdk/pull/17940

More information about the net-dev mailing list