<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">thanks… used the wrong mailing list again :(<div class=""><br class=""></div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 10. Jul 2018, at 17:57, Alan Bateman &lt;<a href="mailto:Alan.Bateman@oracle.com" class="">Alan.Bateman@oracle.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
Forwarding to security-dev.<br class="">
<br class="">
<div class="moz-cite-prefix">On 10/07/2018 17:47, Norman Maurer
wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:D81A3B88-212F-4C5E-9526-E8E72F7D58BB@googlemail.com" class="">
Hi all,
<div class=""><br class="">
</div>
<div class="">I just tried to run netty[1] testsuite with the
latest jdk11 EA release (21) and saw some class-cast-exception
with our custom SSLEngine implementation</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">Caused by: java.lang.ClassCastException: class
io.netty.handler.ssl.OpenSslEngine cannot be cast to class
sun.security.ssl.SSLEngineImpl
(io.netty.handler.ssl.OpenSslEngine is in unnamed module of
loader 'app'; sun.security.ssl.SSLEngineImpl is in module
java.base of loader 'bootstrap')</div>
<div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.base/sun.security.ssl.SSLAlgorithmConstraints.<init>(SSLAlgorithmConstraints.java:93)</div>
<div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:270)</div>
<div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)</div>
<div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>at
io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:237)</div>
<div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>at
io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:621)</div>
<div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>...
27 more</div>
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">This change seems to be related to:</div>
<div class=""><a href="http://hg.openjdk.java.net/jdk/jdk11/rev/68fa3d4026ea" class="" moz-do-not-send="true">http://hg.openjdk.java.net/jdk/jdk11/rev/68fa3d4026ea</a></div>
<div class=""><br class="">
</div>
<div class="">I think you miss an instanceof check here in
SSLAlgorithmConstraints before try to cast to SSLEngineImpl, as
otherwise it will be impossible to use custom implementations of
SSLEngine (which we have in netty) with the default
TrustManagerFactory.</div>
<div class=""><br class="">
</div>
<div class="">Does this sound correct ? Should I open a bug-report
?</div>
<div class=""><br class="">
</div>
<div class="">Bye</div>
<div class="">Norman</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
</blockquote>
<br class="">
</div>
</div></blockquote></div><br class=""></div></body></html>