RFR[jdk] 8237474: Default SSLEngine should create in server role

Prasadrao Koppula prasadarao.koppula at oracle.com
Fri Feb 7 14:28:24 UTC 2020


Thanks for review Sean, I will add test changes.

 

Thanks,

Prasad.K

 

From: Seán Coffey 
Sent: Friday, February 7, 2020 6:20 PM
To: Prasadrao Koppula <prasadarao.koppula at oracle.com>; security-dev at openjdk.java.net
Subject: Re: RFR[jdk] 8237474: Default SSLEngine should create in server role

 

Looks ok to me Prasad. This may also be worthy of highlighting via release note. You might be able to expand test coverage to capture the TLSContext scenario. Something like below patch might work ?

 

--- a/test/jdk/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java
+++ b/test/jdk/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
 
 /*
  * @test
- * @bug 4980882 8207250
+ * @bug 4980882 8207250 8237474
  * @summary SSLEngine should enforce setUseClientMode
  * @run main/othervm EngineEnforceUseClientMode
  * @author Brad R. Wetmore
@@ -87,6 +87,9 @@
          * Note, these are not initialized to client/server
          */
         ssle3 = sslc.createSSLEngine();
+        if (ssle3.getUseClientMode()) {
+            throw new RuntimeException("Expected default role to be server");
+        }
         ssle4 = sslc.createSSLEngine();
         ssle5 = sslc.createSSLEngine();
     }

Regards,
Sean.

On 07/02/20 11:32, Prasadrao Koppula wrote:

Hi,

 

Could you please review this patch. Default server role mode was flipped in SSLEngine, to client role mode as part of SSL package code refactoring for TLSv1.3, this patch flips back default client role to server role in SSLEngine.

 

webrev: HYPERLINK "http://cr.openjdk.java.net/%7Epkoppula/8237474/webrev.00/"http://cr.openjdk.java.net/~pkoppula/8237474/webrev.00/

issue: https://bugs.openjdk.java.net/browse/JDK-8237474

CSR:  https://bugs.openjdk.java.net/browse/JDK-8238593

 

 

Thanks,

Prasad.K

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20200207/2ca2debe/attachment-0001.htm>


More information about the security-dev mailing list