RFR: 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key [v4]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Fri Oct 22 18:51:05 UTC 2021
On Fri, 22 Oct 2021 18:45:31 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
>> Hello,
>>
>> Could you please review the small patch for the issue described in JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
>>
>> I suggest updating the RSAPSSSignature.isValid() method to verify if provided key components can be applied to SunRSASign implementation.
>> If not applied, implementation can try to select signer from other providers
>>
>> Regards
>> Alexey
>
> Alexey Bakhtin has updated the pull request incrementally with one additional commit since the last revision:
>
> Simplified isPrivateKeyValid
It looks good to me. Please make sure to run all security regression tests. Thank you!
-------------
Marked as reviewed by xuelei (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/4887
More information about the security-dev
mailing list