[Internet]SSLExtension: Bug/typo in unsupported extension

Jaikiran Pai jai.forums2013 at gmail.com
Mon Jun 20 15:23:15 UTC 2022 

Hello Ben,

Like Xuelei noted in his reply, the latest upstream JDK mainline code 
has the necessary fix for this issue. The fix seems to have been done as 
part of some other bigger changes (in Java 16). What you discovered is 
still an issue in versions previous to that (specifically Java 8 and 
Java 11). Do you have a JBS account so that you can create an issue here 
https://bugs.openjdk.org/browse/JDK to track and have this fixed in 
those Java versions? If not, let me know and I'll go ahead create them 
on your behalf.

-Jaikiran

On 20/06/22 8:08 pm, Ben Smyth wrote:
> Xuelei,
>
> You're right, OpenJDK/jdk GitHub is correct. I was looking at 
> hg.openjdk.java.net/jdk/jdk <http://hg.openjdk.java.net/jdk/jdk>, 
> specifically
>
> https://hg.openjdk.java.net/jdk/jdk/file/ee1d592a9f53/src/java.base/share/classes/sun/security/ssl/SSLExtension.java
>
>
> Ben
>
> On Mon, 20 Jun 2022 at 16:19, xueleifan(XueleiFan) 
> <xueleifan at tencent.com> wrote:
>
>     Would you mind post the source code or the repository link?  It
>     looks like the code
>     <https://urldefense.com/v3/__https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/security/ssl/SSLExtension.java__;!!ACWV5N9M2RV99hQ!NKebj9uKrLF6gb-37saVUyukQr-EnHuECUvPsDhJS_U2FQ__HEdRupoxA-eK7zAJ1ueKd3-K-vp2clOGvK0QlWU2uHdasaI$> is
>     good in OpenJDK/jdk GitHub.
>
>     Regards,
>     Xuelei
>
>>     On Jun 20, 2022, at 5:48 AM, Ben Smyth
>>     <subscriptions at bensmyth.com> wrote:
>>
>>     We have
>>
>>         // extensions defined in RFC 7250
>>         CLIENT_CERT_TYPE        (0x0013, "padding"),
>>         SERVER_CERT_TYPE        (0x0014, "server_certificate_type"),
>>
>>         // extensions defined in RFC 7685
>>         PADDING                 (0x0015, "client_certificate_type"),
>>
>>     We should have
>>
>>         // extensions defined in RFC 7250
>>         CLIENT_CERT_TYPE        (0x0013, "client_certificate_type"),
>>         SERVER_CERT_TYPE        (0x0014, "server_certificate_type"),
>>
>>         // extensions defined in RFC 7685
>>         PADDING                 (0x0015, "padding"),
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20220620/b1759ce2/attachment.htm>

More information about the security-dev mailing list