RFR, JDK-8212885: TLS 1.3 resumed session does not retain peer certificate chain
Jamil Nimeh
jamil.j.nimeh at oracle.com
Tue Nov 6 18:11:55 UTC 2018
Okay, I can move this into PreSharedKeyExtension.java and re-run the
local tests that were having issues with it. Should work pretty well.
I'll put out another code review shortly.
Thanks,
--Jamil
On 11/6/2018 7:36 AM, Xuelei Fan wrote:
> Nice update!
>
> For the update in ClientHello.java, I may suggest moving it to
> pre_shared_key extension class. It may be a little bit safer if the
> extension can be loaded in other places.
>
> Thanks,
> Xuelei
>
> On 11/5/2018 11:51 PM, Jamil Nimeh wrote:
>> Hello all,
>>
>> This fixes an issue where TLS 1.3 resumed sessions were not carrying
>> forward many of the parameters from the parent session, namely the
>> peer certificates, but also the local certificates and a few other
>> SSLSessionImpl fields. This also moves the fix from an earlier,
>> related issue with SNI names (JDK-8211806) into this new solution.
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8212885
>>
>> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8212885/webrev.01
>>
>> Thanks,
>>
>> --Jamil
>>
More information about the security-dev
mailing list