8151465: SSLSession may not return a valid chain
authorxuelei
Wed, 27 Jul 2016 02:23:16 +0000
changeset 43195 e7f80841643d
parent 43183 b50e0f90d284
child 43196 2064adad356a
8151465: SSLSession may not return a valid chain Reviewed-by: mullan, ahgross
jdk/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java
jdk/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java
jdk/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java
jdk/src/java.base/share/classes/javax/net/ssl/SSLSession.java
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java	Wed Jan 18 08:02:53 2017 +0800
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java	Wed Jul 27 02:23:16 2016 +0000
@@ -69,6 +69,10 @@
     /**
      * Returns the server's X.509 certificate chain, or null if
      * the server did not authenticate.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
+     *
      * @return the server certificate chain
      */
     public abstract Certificate[] getServerCertificates()
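Review bot: The added note warns callers off using the returned array for trust decisions but does not say what to use instead, so a reader who needs to authorise or pin a peer is left without a pointer. The same wording is repeated in every Javadoc hunk of this commit, in HandshakeCompletedEvent.java, javax/net/ssl/HttpsURLConnection.java and SSLSession.java. I would follow the note with one sentence such as `Trust decisions are made by the configured {@link X509TrustManager} during the handshake.` It would also help to say why the array may be invalid, presumably because it reflects what the peer sent rather than the path that was validated; that wording should be confirmed against the implementation. The declaration of getServerCertificates continues past the end of this hunk.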
--- a/jdk/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java	Wed Jan 18 08:02:53 2017 +0800
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java	Wed Jul 27 02:23:16 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -120,6 +120,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * @return an ordered array of the peer certificates,
      *          with the peer's own certificate first followed by
@@ -140,6 +143,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * <p><em>Note: this method exists for compatibility with previous
      * releases. New applications should use
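Review bot: The added paragraph break is written `<P>`, while the paragraph that follows it in the same comment opens with lowercase `<p>`, so the comment now mixes both spellings. Writing the new tag as `<p>` would keep it uniform. The last hunk of SSLSession.java has the same mix. This is a style point only and the rendered Javadoc is unaffected. The comment begins and ends outside the hunk.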
--- a/jdk/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java	Wed Jan 18 08:02:53 2017 +0800
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java	Wed Jul 27 02:23:16 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -104,6 +104,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * @return an ordered array of server certificates,
      *          with the peer's own certificate first followed by
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLSession.java	Wed Jan 18 08:02:53 2017 +0800
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLSession.java	Wed Jul 27 02:23:16 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -219,6 +219,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * @return an ordered array of peer certificates,
      *          with the peer's own certificate first followed by any
@@ -259,6 +262,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * <p><em>Note: this method exists for compatibility with previous
      * releases. New applications should use