Code Review Request, JDK-8207029 Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21
Alan Bateman
Alan.Bateman at oracle.com
Thu Jul 12 06:53:21 UTC 2018
On 12/07/2018 05:47, Xuelei Fan wrote:
> Hi,
>
> Please review the update:
> http://cr.openjdk.java.net/~xuelei/8207029/webrev.00/
>
> It's an interesting user case of the TrustManagerFactory and
> KeyManagerFactory. The KeyManager or TrustManager implementation may
> be not implemented in the same provider as SSLSocket/SSLEngine.
>
> See also
> http://mail.openjdk.java.net/pipermail/security-dev/2018-July/017536.html.
Xuelei - is there follow-up work to develop some tests that use custom
KeyManager or TrustManager implementations that are in different
providers to the SSLEngine. I realize not many will do that but it seems
easy to break these type of scenarios if we don't have tests.
-Alan.
More information about the security-dev
mailing list