RFR: 8262186: Call X509KeyManager.chooseClientAlias once for all key types [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Mon Aug 30 15:42:29 UTC 2021
On Mon, 30 Aug 2021 14:59:05 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 289:
>>
>>> 287: X509ExtendedKeyManager km = shc.sslContext.getX509KeyManager();
>>> 288: String serverAlias = null;
>>> 289: for (String keyType : keyTypes) {
>>
>> What do you think if we update the createServerPossession to call chooseServerAlias only once? A similar problem could occur on the server side, I think. Keeping the behavior consistent between client and server may ease the key manager development and customization.
>
> Do not fully understand. `chooseServerAlias` can only take one key type. How do I call it only once?
Never mind, I did not realize only one key type is accepted. Hm, the for-loop is a little bit weird to me now. Only one keyType should be initialized for server. Anyway, not a big concern and you can leave it as is.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5257
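
Added example, not part of the message above or of the JDK patch: a delegating key manager that records each alias-selection call, making visible the API difference the thread turns on (client selection takes a `String[]` of key types, server selection a single `String`). The class name `RecordingKeyManager` and its `calls` list are hypothetical.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

// Hypothetical wrapper (not JDK code): records how the TLS stack calls alias selection.
public class RecordingKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;
    public final List<String> calls = new ArrayList<>();

    public RecordingKeyManager(X509ExtendedKeyManager delegate) { this.delegate = delegate; }

    // Client side: the API takes an array, so one call can carry every acceptable key type.
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
        calls.add("client " + String.join(",", keyTypes));
        return delegate.chooseClientAlias(keyTypes, issuers, s);
    }
    @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine e) {
        calls.add("client " + String.join(",", keyTypes));
        return delegate.chooseEngineClientAlias(keyTypes, issuers, e);
    }
    // Server side: the API takes a single key type, so each call covers exactly one.
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) {
        calls.add("server " + keyType);
        return delegate.chooseServerAlias(keyType, issuers, s);
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine e) {
        calls.add("server " + keyType);
        return delegate.chooseEngineServerAlias(keyType, issuers, e);
    }
    // Remaining abstract methods are passed straight through to the delegate.
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }
}
```

Wrapping the key manager passed to `SSLContext.init` with this class and inspecting `calls` after a handshake shows how many times, and with which key types, a custom key manager is consulted.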