RFR: JDK-8285504 Minor cleanup could be done in javax.net [v4]
Bradford Wetmore
wetmore at openjdk.java.net
Thu Apr 28 16:30:46 UTC 2022
On Thu, 28 Apr 2022 15:45:58 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Mark Powers has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains eight additional commits since the last revision:
>>
>> - Merge
>> - Max and Brad comments
>> - jaikiran comments
>> - Alan Bateman comments
>> - second iteration
>> - Merge
>> - Merge
>> - first iteration
>
> src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java line 92:
>
>> 90: static String getSecurityProperty(final String name) {
>> 91: return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
>> 92: return Security.getProperty(name);
>
> I assume we still need to do the if-empty-then-null conversion?
Just found the same. This needs to be reverted. You can set a Security Property to an "empty" string which won't work here. Suggest you revert to previous code, possibly using a lambda if that was the original intent.
> src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java line 82:
>
>> 80: String type;
>> 81: type = GetPropertyAction.privilegedGetProperty(
>> 82: "ssl.TrustManagerFactory.algorithm");
>
> Sorry I got it wrong here, this is a security property.
Similar comment.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8384
More information about the security-dev
mailing list