8207029: Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21
authorxuelei
Fri, 13 Jul 2018 07:08:59 -0700
changeset 51084 2282560a3d29
parent 51083 d2e182aa44c9
child 51085 ad9d95f1a1f6
8207029: Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21 Reviewed-by: wetmore
src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
--- a/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java	Fri Jul 13 07:01:51 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java	Fri Jul 13 07:08:59 2018 -0700
@@ -73,12 +73,20 @@
             boolean withDefaultCertPathConstraints) {
         AlgorithmConstraints configuredConstraints = null;
         if (socket != null) {
-            HandshakeContext hc =
-                    ((SSLSocketImpl)socket).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
+            // Note that the KeyManager or TrustManager implementation may be
+            // not implemented in the same provider as SSLSocket/SSLEngine.
+            // Please check the instance before casting to use SSLSocketImpl.
+            if (socket instanceof SSLSocketImpl) {
+                HandshakeContext hc =
+                        ((SSLSocketImpl)socket).conContext.handshakeContext;
+                if (hc != null) {
+                    configuredConstraints = hc.sslConfig.algorithmConstraints;
+                } else {
+                    configuredConstraints = null;
+                }
             } else {
-                configuredConstraints = null;
+                configuredConstraints =
+                        socket.getSSLParameters().getAlgorithmConstraints();
             }
         }
         this.userSpecifiedConstraints = configuredConstraints;
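Review bot: In the `socket instanceof SSLSocketImpl` branch, a null `handshakeContext` still sets `configuredConstraints = null`, so constraints the caller configured through `SSLParameters` are not applied on that path, while the new outer `else` honours them for a foreign implementation. Whether this constructor can be reached with no handshake in progress is not visible from the hunk. If it can, the inner `else` should fall back the same way: `configuredConstraints = socket.getSSLParameters().getAlgorithmConstraints();`. The same applies to the `SSLEngineImpl` branch in the second hunk. The constructor starts before and continues after the lines shown.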
@@ -90,12 +98,20 @@
             boolean withDefaultCertPathConstraints) {
         AlgorithmConstraints configuredConstraints = null;
         if (engine != null) {
-            HandshakeContext hc =
-                    ((SSLEngineImpl)engine).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
+            // Note that the KeyManager or TrustManager implementation may be
+            // not implemented in the same provider as SSLSocket/SSLEngine.
+            // Please check the instance before casting to use SSLEngineImpl.
+            if (engine instanceof SSLEngineImpl) {
+                HandshakeContext hc =
+                        ((SSLEngineImpl)engine).conContext.handshakeContext;
+                if (hc != null) {
+                    configuredConstraints = hc.sslConfig.algorithmConstraints;
+                } else {
+                    configuredConstraints = null;
+                }
             } else {
-                configuredConstraints = null;
+                configuredConstraints =
+                        engine.getSSLParameters().getAlgorithmConstraints();
             }
         }
         this.userSpecifiedConstraints = configuredConstraints;
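Review bot: The foreign-engine `else` branch dereferences `engine.getSSLParameters()` without a null check, and that engine comes from another provider whose override this code does not control. A null return would throw a NullPointerException from this constructor instead of leaving no user-specified constraints. A guard keeps the old fallback: `SSLParameters params = engine.getSSLParameters();` followed by `configuredConstraints = (params != null) ? params.getAlgorithmConstraints() : null;`. The `socket.getSSLParameters()` call in the first hunk has the same shape. The constructor body continues outside the hunk.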