RFR: 8262186: Call X509KeyManager.chooseClientAlias once for all key types [v2]

Weijun Wang weijun at openjdk.java.net
Mon Aug 30 21:15:09 UTC 2021


On Mon, 30 Aug 2021 18:28:41 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   reorg src, new test case
>
> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 271:
> 
>> 269: 
>> 270:         PublicKey clientPublicKey = clientCerts[0].getPublicKey();
>> 271:         if (!clientPrivateKey.getAlgorithm().equals(clientPublicKey.getAlgorithm())) {
> 
> See above comment, the specified keyType is not checked against.  The check here is for the matching of private key and public key, rather than the match of the key and the specified keyType.  Maybe an additional check could be added to check that the key type of the cert is one of the specified key types.

Done. Two checks now.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5257
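
The two checks discussed in this exchange, sketched as an added illustration that is not part of the original message or of the JDK patch: the class `ClientKeyChecks` and the method `validate` are hypothetical, raw public keys stand in for the certificate's key, and key type names are compared by exact string match as a simplification.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;

public class ClientKeyChecks {
    // Hypothetical helper (not JDK code): returns null when both checks pass,
    // otherwise a description of the check that failed.
    static String validate(String[] requestedKeyTypes, PrivateKey priv, PublicKey certKey) {
        String privAlg = priv.getAlgorithm();
        String pubAlg = certKey.getAlgorithm();
        // Check 1: the private key and the certificate's public key use the same algorithm.
        if (!privAlg.equals(pubAlg)) {
            return "private key (" + privAlg + ") does not match certificate key (" + pubAlg + ")";
        }
        // Check 2: that algorithm is one of the key types that were asked for.
        // A key manager queried once with several key types may return any alias,
        // so a self-consistent key pair alone proves nothing about the request.
        if (!Arrays.asList(requestedKeyTypes).contains(pubAlg)) {
            return "key type " + pubAlg + " is not among requested " + Arrays.toString(requestedKeyTypes);
        }
        return null;
    }

    static KeyPair generate(String algorithm, int size) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance(algorithm);
        gen.initialize(size);
        return gen.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys, generated locally for the demonstration.
        KeyPair rsa = generate("RSA", 2048);
        KeyPair ec = generate("EC", 256);

        // EC requested, EC pair returned: both checks pass (prints null).
        System.out.println(validate(new String[] {"EC"}, ec.getPrivate(), ec.getPublic()));
        // EC requested, consistent RSA pair returned: check 1 passes, check 2 rejects it.
        System.out.println(validate(new String[] {"EC"}, rsa.getPrivate(), rsa.getPublic()));
        // Mismatched pair: check 1 rejects it before the key type list is consulted.
        System.out.println(validate(new String[] {"RSA", "EC"}, rsa.getPrivate(), ec.getPublic()));
    }
}
```
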