RFR: 8294983: SSLEngine throws ClassCastException during handshake [v2]
Kevin Driver
kdriver at openjdk.org
Wed May 3 20:55:16 UTC 2023
On Fri, 28 Apr 2023 21:59:41 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> Kevin Driver has updated the pull request with a new target base due to a merge or a rebase.
>
> src/java.base/share/classes/sun/security/ssl/HandshakeContext.java line 457:
>
>> 455: // For TLS 1.2 and prior versions, the HelloRequest message MAY
>> 456: // be sent by the server at any time.
>> 457: consumer = conContext.sslConfig.isClientMode ?
>
> This seems reasonable, but could you update the bug report to say why this fixes the problem?
If we're in server mode, we want the consumer to be null so that we don't attempt to cast a Server object as a Client object further down in the stack. Having the consumer be null forces the check on the new line 463 to pass and throws the message for "unexpected handshake message".
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13727#discussion_r1184268590
More information about the security-dev
mailing list