RFR[jdk] 8237474: Default SSLEngine should create in server role
Seán Coffey
sean.coffey at oracle.com
Fri Feb 7 12:49:41 UTC 2020
Looks ok to me Prasad. This may also be worthy of highlighting via
release note. You might be able to expand test coverage to capture the
TLSContext scenario. Something like below patch might work ?
---
a/test/jdk/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java
+++
b/test/jdk/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights
reserved.
+ * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights
reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
/*
* @test
- * @bug 4980882 8207250
+ * @bug 4980882 8207250 8237474
* @summary SSLEngine should enforce setUseClientMode
* @run main/othervm EngineEnforceUseClientMode
* @author Brad R. Wetmore
@@ -87,6 +87,9 @@
* Note, these are not initialized to client/server
*/
ssle3 = sslc.createSSLEngine();
+ if (ssle3.getUseClientMode()) {
+ throw new RuntimeException("Expected default role to be
server");
+ }
ssle4 = sslc.createSSLEngine();
ssle5 = sslc.createSSLEngine();
}
Regards,
Sean.
On 07/02/20 11:32, Prasadrao Koppula wrote:
>
> Hi,
>
> Could you please review this patch. Default server role mode was
> flipped in SSLEngine, to client role mode as part of SSL package code
> refactoring for TLSv1.3, this patch flips back default client role to
> server role in SSLEngine.
>
> webrev: http://cr.openjdk.java.net/~pkoppula/8237474/webrev.00/
> <http://cr.openjdk.java.net/%7Epkoppula/8237474/webrev.00/>
>
> issue: https://bugs.openjdk.java.net/browse/JDK-8237474
>
> CSR: https://bugs.openjdk.java.net/browse/JDK-8238593
>
> Thanks,
>
> Prasad.K
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20200207/79b662af/attachment.htm>
More information about the security-dev
mailing list