RFR: 8262186: Call X509KeyManager.chooseClientAlias once for all key types [v2]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Mon Aug 30 15:42:29 UTC 2021


On Mon, 30 Aug 2021 14:59:05 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 289:
>> 
>>> 287:         X509ExtendedKeyManager km = shc.sslContext.getX509KeyManager();
>>> 288:         String serverAlias = null;
>>> 289:         for (String keyType : keyTypes) {
>> 
>> What do you think if we update the createServerPossession to call chooseServerAlias only once?  A similar problem could occur on the server side, I think.  Keeping the behavior consistent between client and server may ease the key manager development and customization.
>
> Do not fully understand. `chooseServerAlias` can only take one key type. How do I call it only once?

Never mind, I did not realize only one key type is accepted.  Hm, the for-loop is a little bit weird to me now.  Only one keyType should be initialized for server.  Anyway, not a big concern and you can leave it as is.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5257

