RFR: 8262186: Call X509KeyManager.chooseClientAlias once for all key types [v2]

Weijun Wang weijun at openjdk.java.net
Mon Aug 30 21:15:09 UTC 2021


On Mon, 30 Aug 2021 18:28:41 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   reorg src, new test case
>
> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 271:
> 
>> 269: 
>> 270:         PublicKey clientPublicKey = clientCerts[0].getPublicKey();
>> 271:         if (!clientPrivateKey.getAlgorithm().equals(clientPublicKey.getAlgorithm())) {
> 
> See above comment, the specified keyType is not checked against.  The check here is for the matching of private key and public key, rather the match of key and the specified keyType.  Maybe, an additional check could be added to check the key type of the cert if one of the specified key types.

Done. Two checks now.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5257


More information about the security-dev mailing list