RFR: 8312383: Log X509ExtendedKeyManager implementation class name in TLS/SSL connection [v3]
Prajwal Kumaraswamy
pkumaraswamy at openjdk.org
Fri Mar 8 06:12:11 UTC 2024
> During the time of server certificate validation, users have the flexibility to use a custom X509 Key Manager implementation by extending "X509ExtendedKeyManager.".
> In such cases, printing the class name in X509Authentication.java will be helpful to trace any failure of the SSL connection due to a certificate issue.
>
> I've tested the code by running the custom X509 manager, the default X509 manager, and passing the null key manager.
> The screen shots are attached here.
> [x509_log_testing.zip](https://github.com/openjdk/jdk/files/14206695/x509_log_testing.zip)
>
> Also, the internal test runs against this fix are green
Prajwal Kumaraswamy has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
- change log message
- Merge remote-tracking branch 'origin/master' into JDK-8312383
- Merge remote-tracking branch 'origin/master' into JDK-8312383
- Add log for client auth
- Merge remote-tracking branch 'origin/master' into JDK-8312383
- 8312383: Improve SSL debug log
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/17742/files
- new: https://git.openjdk.org/jdk/pull/17742/files/bd8449bd..bb0a54e1
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=17742&range=02
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=17742&range=01-02
Stats: 125185 lines in 2742 files changed: 27138 ins; 86267 del; 11780 mod
Patch: https://git.openjdk.org/jdk/pull/17742.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/17742/head:pull/17742
PR: https://git.openjdk.org/jdk/pull/17742
More information about the security-dev
mailing list