RFR: 8295068: SSLEngine throws NPE parsing CertificateRequests
Xue-Lei Andrew Fan
xuelei at openjdk.org
Thu Jul 6 07:08:54 UTC 2023
On Wed, 5 Jul 2023 20:25:26 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
> JDK-8295068: an NPE is thrown when an invalid `id` is found to match up a `ClientCertificateType`; rather than throwing the `NPE`, we now throw an `IllegalArgumentException`. This does not seem to be a scenario where recovery is possible or desired, so the `IAE` should be the proper behavior.
Changes requested by xuelei (Reviewer).
src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 134:
> 132: throw new IllegalArgumentException(id + " was " +
> 133: "not a valid ClientCertificateType id");
> 134: }
It may not comply to TLS specification if throwing exception here. Unknown types should be ignored for compatibility.
- if (cct.isAvailable) {
+ if (cct != null && cct.isAvailable) {
-------------
PR Review: https://git.openjdk.org/jdk/pull/14778#pullrequestreview-1515892219
PR Review Comment: https://git.openjdk.org/jdk/pull/14778#discussion_r1254023615
More information about the security-dev
mailing list