<div dir="ltr"><div>Apologies if this is the wrong mailing list for this question, and if so, please point me to the right one.</div><div>In <span style="color:rgb(0,0,0)">sun.security.ssl.SSLContextImpl we have the following method:</span></div><div><span style="color:rgb(0,0,0)"><br></span></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,0)">private X509TrustManager chooseTrustManager(TrustManager[] tm)<br>            throws KeyManagementException {<br>        // We only use the first instance of X509TrustManager passed to us.<br>        for (int i = 0; tm != null && i < tm.length; i++) {<br>            if (tm[i] instanceof X509TrustManager) {<br>               <b> if (SunJSSE.isFIPS() &&<br>                        !(tm[i] instanceof X509TrustManagerImpl))</b> {<br>                    throw new KeyManagementException<br>                        ("FIPS mode: only SunJSSE TrustManagers may be used");<br>                }<br><br>                if (tm[i] instanceof X509ExtendedTrustManager) {<br>                    return (X509TrustManager)tm[i];<br>                } else {<br>                    return new AbstractTrustManagerWrapper(<br>                                        (X509TrustManager)tm[i]);<br>                }<br>            }<br>        }<br><br>        // nothing found, return a dummy X509TrustManager.<br>        return DummyX509TrustManager.INSTANCE;<br>    }</span></span></div><div><span style="font-family:monospace"><br></span></div><div>In the FIPS case, why is it required for the TrustManager to be an instance of X509TrustManagerImpl? 
Isn't it sufficient for it to be an instance of <span style="color:rgb(0,0,0)">X509ExtendedTrustManager?</span></div><div><span style="color:rgb(0,0,0)"><br></span></div><div><span style="color:rgb(0,0,0)">regards,</span></div><div><span style="color:rgb(0,0,0)">Sebu Koleth<br></span></div><div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>The most popular software for writing fiction isn't Word. It's Excel.<br></div>408 dot 759 dot 1870<br></div></div></div></div></div></div>