RFR: 8312383: Log X509ExtendedKeyManager implementation class name in TLS/SSL connection [v2]

Prajwal Kumaraswamy pkumaraswamy at openjdk.org
Thu Feb 8 09:15:56 UTC 2024


On Wed, 7 Feb 2024 15:27:46 GMT, Prajwal Kumaraswamy <pkumaraswamy at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 205:
>> 
>>> 203:         X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
>>> 204:         if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
>>> 205:             SSLLogger.finest("X509ExtendedKeyManager being used: " +
>> 
>> Could the JBS title be made more descriptive? It's quite vague.
>> 
>> I wonder if "X509KeyManager class: " would be better for displaying.
>> 
>> `createServerPossession` would also benefit from this logging enhancement. I wonder if this belongs in logging during SSLContext creation time instead. Other security-dev engineers may have an opinion on that.
>> 
>> IIRC, there's another issue open where we iterate over the certificate contexts of custom tm/km types. The JDK src does it at the moment for the default tm/km but no output is given for custom impl. It will be good to have that tied up at some stage also.
>
> I have changed the title to reflect the specific change made here.
> I'll make changes in createServerPossession as well.

I have made changes and attached the testing snapshots in a zip file attached to the bug description.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/17742#discussion_r1482639556


