RFR: 8294983: SSLEngine throws ClassCastException during handshake [v2]
Mark Powers
mpowers at openjdk.org
Fri Apr 28 22:11:52 UTC 2023
On Fri, 28 Apr 2023 20:49:30 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Fixes a scenario where a `ServerHandshakeContext` might be cast as a `ClientHandshakeContext`.
>
> Kevin Driver has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>
> - updated copyright
> - Merge branch 'master' of github.com:openjdk/jdk into JDK-8294983
> - set consumer to null if we're not in client mode
src/java.base/share/classes/sun/security/ssl/HandshakeContext.java line 2:
> 1: /*
> 2: * Copyright (c) 2018, 2022, 2023, Oracle and/or its affiliates. All rights reserved.
No need for 2022.
src/java.base/share/classes/sun/security/ssl/HandshakeContext.java line 457:
> 455: // For TLS 1.2 and prior versions, the HelloRequest message MAY
> 456: // be sent by the server at any time.
> 457: consumer = conContext.sslConfig.isClientMode ?
This seems reasonable, but could you update the bug report to say why this fixes the problem?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13727#discussion_r1180845624
PR Review Comment: https://git.openjdk.org/jdk/pull/13727#discussion_r1180846282
More information about the security-dev
mailing list