<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Forwarding to security-dev.<br>
    <br>
    <div class="moz-cite-prefix">On 10/07/2018 17:47, Norman Maurer
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:D81A3B88-212F-4C5E-9526-E8E72F7D58BB@googlemail.com">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      Hi all,
      <div class=""><br class="">
      </div>
      <div class="">I just tried to run netty[1] testsuite with the
        latest jdk11 EA release (21) and saw some class-cast-exception
        with our custom SSLEngine implementation</div>
      <div class=""><br class="">
      </div>
      <div class=""><br class="">
      </div>
      <div class="">
        <div class="">Caused by: java.lang.ClassCastException: class
          io.netty.handler.ssl.OpenSslEngine cannot be cast to class
          sun.security.ssl.SSLEngineImpl
          (io.netty.handler.ssl.OpenSslEngine is in unnamed module of
          loader 'app'; sun.security.ssl.SSLEngineImpl is in module
          java.base of loader 'bootstrap')</div>
        <div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>at
java.base/sun.security.ssl.SSLAlgorithmConstraints.<init>(SSLAlgorithmConstraints.java:93)</div>
        <div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>at
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:270)</div>
        <div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>at
java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)</div>
        <div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>at
io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:237)</div>
        <div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>at
io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:621)</div>
        <div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>...
          27 more</div>
      </div>
      <div class=""><br class="">
      </div>
      <div class=""><br class="">
      </div>
      <div class="">This change seems to be related to:</div>
      <div class=""><a
          href="http://hg.openjdk.java.net/jdk/jdk11/rev/68fa3d4026ea"
          class="" moz-do-not-send="true">http://hg.openjdk.java.net/jdk/jdk11/rev/68fa3d4026ea</a></div>
      <div class=""><br class="">
      </div>
      <div class="">I think you miss an instanceof check here in
        SSLAlgorithmConstraints before try to cast to SSLEngineImpl, as
        otherwise it will be impossible to use custom implementations of
        SSLEngine (which we have in netty) with the default
        TrustManagerFactory.</div>
      <div class=""><br class="">
      </div>
      <div class="">Does this sound correct ? Should I open a bug-report
        ?</div>
      <div class=""><br class="">
      </div>
      <div class="">Bye</div>
      <div class="">Norman</div>
      <div class=""><br class="">
      </div>
      <div class=""><br class="">
      </div>
      <div class=""><br class="">
      </div>
    </blockquote>
    <br>
  </body>
</html>