RFR: 8312383: Log X509ExtendedKeyManager implementation class name in TLS/SSL connection [v3]
Sean Coffey
coffeys at openjdk.org
Fri Mar 8 08:05:55 UTC 2024
On Fri, 8 Mar 2024 06:12:11 GMT, Prajwal Kumaraswamy <pkumaraswamy at openjdk.org> wrote:
>> During the time of server certificate validation, users have the flexibility to use a custom X509 Key Manager implementation by extending "X509ExtendedKeyManager.".
>> In such cases, printing the class name in X509Authentication.java will be helpful to trace any failure of the SSL connection due to a certificate issue.
>>
>> I've tested the code by running the custom X509 manager, the default X509 manager, and passing the null key manager.
>> The screen shots are attached here.
>> [x509_log_testing.zip](https://github.com/openjdk/jdk/files/14206695/x509_log_testing.zip)
>>
>> Also, the internal test runs against this fix are green
>
> Prajwal Kumaraswamy has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
>
> - change log message
> - Merge remote-tracking branch 'origin/master' into JDK-8312383
> - Merge remote-tracking branch 'origin/master' into JDK-8312383
> - Add log for client auth
> - Merge remote-tracking branch 'origin/master' into JDK-8312383
> - 8312383: Improve SSL debug log
Looks good.
-------------
Marked as reviewed by coffeys (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/17742#pullrequestreview-1924296052
More information about the security-dev
mailing list