RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException [v5]
Volkan Yazici
vyazici at openjdk.org
Wed Dec 3 19:56:09 UTC 2025
On Wed, 3 Dec 2025 15:41:58 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:
>> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 136:
>>
>>> 134: */
>>> 135: conn.setSSLSocketFactory(wrapSocketFactory(sf,
>>> 136: sslSocket -> clientSSLSocket = sslSocket));
>>
>> Shall we first assert that `clientSSLSocket == null` before assignment?
>
> The method `doClientSide()` is called from constructor, the `clientSSLSocket` is non-static and was set to `null`. Therefore, it's the only assignment of clientSSLSocket per instance. Or do you mean the check must be in the the lambda-expr?
I mean something like:
Suggestion:
sslSocket -> {
assertNull(clientSSLSocket);
clientSSLSocket = sslSocket;
}));
To avoid double-assignment and eventually causing verification of the wrong value.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2586419546
More information about the security-dev
mailing list