RFR: 8312383: Log X509ExtendedKeyManager implementation class name in TLS/SSL connection [v2]
Prajwal Kumaraswamy
pkumaraswamy at openjdk.org
Fri Mar 8 06:12:12 UTC 2024
On Thu, 8 Feb 2024 09:11:14 GMT, Prajwal Kumaraswamy <pkumaraswamy at openjdk.org> wrote:
>> During the time of server certificate validation, users have the flexibility to use a custom X509 Key Manager implementation by extending "X509ExtendedKeyManager.".
>> In such cases, printing the class name in X509Authentication.java will be helpful to trace any failure of the SSL connection due to a certificate issue.
>>
>> I've tested the code by running the custom X509 manager, the default X509 manager, and passing the null key manager.
>> The screen shots are attached here.
>> [x509_log_testing.zip](https://github.com/openjdk/jdk/files/14206695/x509_log_testing.zip)
>>
>> Also, the internal test runs against this fix are green
>
> Prajwal Kumaraswamy has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>
> - Add log for client auth
> - Merge remote-tracking branch 'origin/master' into JDK-8312383
> - 8312383: Improve SSL debug log
I have tested the latest changes and attached is the snapshot
[x509kmprintlogs_v3.zip](https://github.com/openjdk/jdk/files/14534015/x509kmprintlogs_v3.zip)
-------------
PR Comment: https://git.openjdk.org/jdk/pull/17742#issuecomment-1985095504
More information about the security-dev
mailing list