RFR: 8341346: Add support for exporting TLS Keying Material [v12]
Bradford Wetmore
wetmore at openjdk.org
Thu May 15 02:03:02 UTC 2025
On Tue, 13 May 2025 17:13:03 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Bradford Wetmore has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Missed one review comment
>
> test/jdk/javax/net/ssl/ExtendedSSLSession/ExportKeyingMaterialTests.java line 62:
>
>> 60: * produced.
>> 61: */
>> 62: public class ExportKeyingMaterialTests extends SSLContextTemplate {
>
> What's the reason we don't use `SSLEngineTemplate` here?
There's a bug in `SSLEngine`/`SSLSocket` that prevents configuration callbacks from working as originally imagined. I hate working around it.
The subclass constructor now calls `super()`, which then calls back to the `configure*()` methods, but you can't pass any parameters. One of these days this should be fixed.
I find it easier to just copy `SSLEngineTemplate.java` instead of `extends`.
I've worked around it to remind myself this needs to be fixed someday.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2090057949
More information about the security-dev
mailing list