RFR: 8371721: Refactor checkTrusted methods in X509TrustManagerImpl [v4]
Artur Barashev
abarashev at openjdk.org
Wed Dec 10 20:57:05 UTC 2025
On Wed, 10 Dec 2025 20:41:01 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Only the last few sentences of javadoc are outdated
>
> src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java line 210:
>
>> 208:
>> 209: if (socket instanceof SSLSocket sslSocket && sslSocket.isConnected()) {
>> 210: session = sslSocket.getHandshakeSession();
>
> subtle change in the refactoring now that the session non-null check is delayed until the new `findTrustedCertificate` call.
> The `SSLAlgorithmConstraints.forEngine/forSocket/forQUIC` methods also reference the session before the `findTrustedCertificate` call . Have you ensured that a null session can't cause issue there ?
Yes, we have a check for session not being null there: `session instanceof ExtendedSSLSession`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28275#discussion_r2608177687
More information about the security-dev
mailing list