RFR: 8327182: Move serverAlias into the loop

John Jiang jjiang at openjdk.org
Mon Mar 4 08:45:52 UTC 2024


On Mon, 4 Mar 2024 08:26:28 GMT, Guoxiong Li <gli at openjdk.org> wrote:

>> With my understanding, in each iteration, firstly choose an alias from key manager with a key type, and then try to get the keys and certificates associated with this alias.
>> If an alias or its associated keys and certificates have something wrong, it should try other aliases associated with the key types in the remaining iterations.
>> 
>> If an alias can be used by the subsequent iterations, that looks like a bug.
>
>> If an alias can be used by the subsequent iterations, that looks like a bug.
> 
> Looks like a bug. So your patch is a bug fix instead of simple cleanup. Should we change the title of this issue or/and provide a test case?

At the beginning of an iteration, `km.chooseServerAlias` or `km.chooseEngineServerAlias` tries to find an alias. Then, `serverAlias` should be `null` or an existing alias in the key manager.
The `serverAlias` assigned by the last iteration should not be used by the current iteration.
So, I don't see a bug at the moment.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18100#discussion_r1510776791


