RFR[jdk] 8237474: Default SSLEngine should create in server role

Seán Coffey sean.coffey at oracle.com
Fri Feb 7 12:49:41 UTC 2020


Looks ok to me Prasad. This may also be worthy of highlighting via 
release note. You might be able to expand test coverage to capture the 
TLSContext scenario. Something like below patch might work ?


--- 
a/test/jdk/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java
+++ 
b/test/jdk/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java
@@ -1,5 +1,5 @@
  /*
- * Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights 
reserved.
+ * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights 
reserved.
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   *
   * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@

  /*
   * @test
- * @bug 4980882 8207250
+ * @bug 4980882 8207250 8237474
   * @summary SSLEngine should enforce setUseClientMode
   * @run main/othervm EngineEnforceUseClientMode
   * @author Brad R. Wetmore
@@ -87,6 +87,9 @@
           * Note, these are not initialized to client/server
           */
          ssle3 = sslc.createSSLEngine();
+        if (ssle3.getUseClientMode()) {
+            throw new RuntimeException("Expected default role to be 
server");
+        }
          ssle4 = sslc.createSSLEngine();
          ssle5 = sslc.createSSLEngine();
      }

Regards,
Sean.

On 07/02/20 11:32, Prasadrao Koppula wrote:
>
> Hi,
>
> Could you please review this patch. Default server role mode was 
> flipped in SSLEngine, to client role mode as part of SSL package code 
> refactoring for TLSv1.3, this patch flips back default client role to 
> server role in SSLEngine.
>
> webrev: http://cr.openjdk.java.net/~pkoppula/8237474/webrev.00/ 
> <http://cr.openjdk.java.net/%7Epkoppula/8237474/webrev.00/>
>
> issue: https://bugs.openjdk.java.net/browse/JDK-8237474
>
> CSR: https://bugs.openjdk.java.net/browse/JDK-8238593
>
> Thanks,
>
> Prasad.K
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20200207/79b662af/attachment.htm>


More information about the security-dev mailing list