<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Submitted it via <a href="https://bugreport.java.com" class="">https://bugreport.java.com</a>.<div class=""><br class=""></div><div class="">Please let me know once it “transferred” to <a href="https://bugs.openjdk.java.net" class="">https://bugs.openjdk.java.net</a></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Bye</div><div class="">Norman</div><div class=""><br class=""></div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 10. Jul 2018, at 20:26, Norman Maurer <<a href="mailto:norman.maurer@googlemail.com" class="">norman.maurer@googlemail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Will do tomorrow latest.<br class=""><br class="">Thanks for the quick reply.<br class=""><br class="">Bye<br class="">Norman <br class=""><br class=""><blockquote type="cite" class="">Am 10.07.2018 um 18:53 schrieb Xuelei Fan <<a href="mailto:xuelei.fan@oracle.com" class="">xuelei.fan@oracle.com</a>>:<br class=""><br class="">Hi Norman,<br class=""><br class="">It's an interesting user case of the TrustManagerFactory.  Please file a bug.<br class=""><br class="">Thanks,<br class="">Xuelei<br class=""><br class=""><blockquote type="cite" class="">On 7/10/2018 9:57 AM, Alan Bateman wrote:<br class="">Forwarding to security-dev.<br class=""><blockquote type="cite" class="">On 10/07/2018 17:47, Norman Maurer wrote:<br class="">Hi all,<br class=""><br class="">I just tried to run netty[1] testsuite with the latest jdk11 EA release (21) and saw some class-cast-exception with our custom SSLEngine implementation<br class=""><br class=""><br class="">Caused by: java.lang.ClassCastException: class io.netty.handler.ssl.OpenSslEngine cannot be cast to class sun.security.ssl.SSLEngineImpl (io.netty.handler.ssl.OpenSslEngine is in unnamed module of loader 'app'; sun.security.ssl.SSLEngineImpl is in module java.base of loader 'bootstrap')<br class="">at java.base/sun.security.ssl.SSLAlgorithmConstraints.<init>(SSLAlgorithmConstraints.java:93)<br class="">at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:270)<br class="">at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)<br class="">at io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:237)<br class="">at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:621)<br class="">... 27 more<br class=""><br class=""><br class="">This change seems to be related to:<br class=""><a href="http://hg.openjdk.java.net/jdk/jdk11/rev/68fa3d4026ea" class="">http://hg.openjdk.java.net/jdk/jdk11/rev/68fa3d4026ea</a><br class=""><br class="">I think you miss an instanceof check here in SSLAlgorithmConstraints before try to cast to SSLEngineImpl, as otherwise it will be impossible to use custom implementations of SSLEngine (which we have in netty) with the default TrustManagerFactory.<br class=""><br class="">Does this sound correct ? Should I open a bug-report ?<br class=""><br class="">Bye<br class="">Norman<br class=""><br class=""><br class=""><br class=""></blockquote></blockquote></blockquote></div></div></blockquote></div><br class=""></div></body></html>