RFR: JDK-8285504 Minor cleanup could be done in javax.net [v4]

Bradford Wetmore wetmore at openjdk.java.net
Thu Apr 28 16:30:46 UTC 2022


On Thu, 28 Apr 2022 15:45:58 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Mark Powers has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains eight additional commits since the last revision:
>> 
>>  - Merge
>>  - Max and Brad comments
>>  - jaikiran comments
>>  - Alan Bateman comments
>>  - second iteration
>>  - Merge
>>  - Merge
>>  - first iteration
>
> src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java line 92:
> 
>> 90:     static String getSecurityProperty(final String name) {
>> 91:         return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
>> 92:             return Security.getProperty(name);
> 
> I assume we still need to do the if-empty-then-null conversion?

Just found the same.  This needs to be reverted.  You can set a Security Property to an "empty" string which won't work here.  Suggest you revert to previous code, possibly using a lambda if that was the original intent.

> src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java line 82:
> 
>> 80:         String type;
>> 81:         type = GetPropertyAction.privilegedGetProperty(
>> 82:             "ssl.TrustManagerFactory.algorithm");
> 
> Sorry I got it wrong here, this is a security property.

Similar comment.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8384


More information about the security-dev mailing list