RFR: 8369995: Implement extra logging and/or propagate errors in X509KeyManagerImpl
Artur Barashev
abarashev at openjdk.org
Thu Oct 16 19:26:21 UTC 2025
On Thu, 16 Oct 2025 19:18:44 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> In [JDK-8309667](https://bugs.openjdk.org/browse/JDK-8309667), there were issues with debugging due to no logging or throwing of errors by X509KeyManagerImpl::getEntry. [Line](https://github.com/openjdk/jdk/blob/6a4c2676a6378f573bd58d1bc32b57765d756291/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java#L243-L245)
>>
>> Extra logging and error propagating should be implemented for the X509KeyManagerImpl.
>>
>> Thank you @djelinski for finding the issue and analysis.
>
> src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java line 251:
>
>> 249: // ignore and only log exception
>> 250: if (SSLLogger.isOn && SSLLogger.isOn("keymanager")) {
>> 251: SSLLogger.fine("KeyMgr: exception triggered: " + e);
>
> I think this should be logged at `warning` level.
Also, `KeyMgr:` string can be removed, the logger will prepend the message with the full class name and line number.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27851#discussion_r2437216813
More information about the security-dev
mailing list