Skip to content

Do the same extended checks as the JDK when a X509TrustManager is use…#8307

Merged
normanmaurer merged 1 commit into4.1from
tm_wrap
Sep 28, 2018
Merged

Do the same extended checks as the JDK when a X509TrustManager is use…#8307
normanmaurer merged 1 commit into4.1from
tm_wrap

Conversation

@normanmaurer
Copy link
Copy Markdown
Member

@normanmaurer normanmaurer commented Sep 22, 2018

…d with the OpenSSL provider.

Motivation:

When a X509TrustManager is used while configure the SslContext the JDK automatically does some extra checks during validation of provided certs by the remote peer. We should do the same when our native implementation is used.

Modification:

  • Automatically wrap a X509TrustManager and so do the same validations as the JDK does.
  • Add unit tests.

Result:

More consistent behaviour. Fixes #6664.

@normanmaurer
Do the same extended checks as the JDK when a X509TrustManager is use…
db6a6ab 
…d with the OpenSSL provider.

Motivation:

When a X509TrustManager is used while configure the SslContext the JDK automatically does some extra checks during validation of provided certs by the remote peer. We should do the same when our native implementation is used.

Modification:

- Automatically wrap a X509TrustManager and so do the same validations as the JDK does.
- Add unit tests.

Result:

More consistent behaviour. Fixes #6664.
@normanmaurer
Copy link
Copy Markdown
Member Author

normanmaurer commented Sep 22, 2018

@vietj this fixed #6664 that you reported a long time ago... I would love an cleaner way to do it but this is the best we can do before they add the extra method (which they may do at some point).

@normanmaurer normanmaurer requested review from Scottmitch, carl-mastrangelo, ejona86 and trustin and removed request for Scottmitch September 22, 2018 22:51
carl-mastrangelo
carl-mastrangelo approved these changes Sep 24, 2018
View reviewed changes
Copy link
Copy Markdown
Member

@carl-mastrangelo carl-mastrangelo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@normanmaurer normanmaurer added this to the 4.1.31.Final milestone Sep 28, 2018
@normanmaurer normanmaurer merged commit a208f6d into 4.1 Sep 28, 2018
@normanmaurer normanmaurer deleted the tm_wrap branch September 28, 2018 07:20
@voidzcy voidzcy mentioned this pull request Jun 25, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@trustin trustin trustin approved these changes

@carl-mastrangelo carl-mastrangelo carl-mastrangelo approved these changes

@Scottmitch Scottmitch Awaiting requested review from Scottmitch

@ejona86 ejona86 Awaiting requested review from ejona86

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

4.1.31.Final

Development

Successfully merging this pull request may close these issues.

3 participants

@normanmaurer @trustin @carl-mastrangelo