RFR: 8301686: TLS 1.3 handshake fails if server_name doesn't match resuming session [v2]
Jaikiran Pai
jpai at openjdk.org
Wed Apr 26 11:55:24 UTC 2023
On Wed, 26 Apr 2023 11:14:57 GMT, Matthew Donovan <duke at openjdk.org> wrote:
>> Jaikiran Pai has updated the pull request incrementally with one additional commit since the last revision:
>>
>> review comment - use SSLContextTemplate for SSLContext creation in test
>
> test/jdk/javax/net/ssl/SSLSession/ServerNameRejectedTLSSessionResumption.java line 44:
>
>> 42: * during TLS handshake, then the subsequent communication between the server and the
>> 43: * client happens correctly without any errors
>> 44: * @run main/othervm -Djavax.net.ssl.keyStore=${test.src}/../etc/keystore
>
> We've been trying to move away from using the binary keystore and truststore files. The alternative is to extend `SSLContextTemplate` and use `createServerSSLContext()` and `createClientSSLContext()` methods.

Thank you Matthew for that review. I've now updated the PR to extend the `SSLContextTemplate` and use its APIs for `SSLContext` creation in the test.

With this updated test, I've verified that the test continues to fail (as expected) without the source fix and passes with the fix.

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13669#discussion_r1177748488