  1. River (Retired)
  2. RIVER-468

SSL Client credentials are not found with JDK 11.0.3 and greater

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • River_3.0.1
    • None
    • net_jini_jeri
    • None

    Description

      SSL client authentication fails with JDK 11.0.3 and greater because of a change in the JVM. The change prevents Apache River services from communicating with each other when SSL client authentication is used.

      JDK 11.0.3 changed how ClientAuthManager.chooseClientAlias() is invoked. Earlier versions invoke chooseClientAlias once, with multiple elements in the keyType array. JDK 11.0.3 and later versions invoke chooseClientAlias multiple times, each time with a single element in the keyType array.

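      Example:

      JDK 11.0.2 and earlier:

      // One call carrying every key type
      chooseClientAlias(new String[] { "EC", "RSA", "DSA" }, issuers, socket);

      JDK 11.0.3 and greater:

      // One call per key type
      for (String keyType : new String[] { "EC", "RSA", "DSA" }) {
          chooseClientAlias(new String[] { keyType }, issuers, socket);
      }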

      ClientAuthManager.java was modified to store the SecurityException or GeneralSecurityException in a map keyed by key type. This allows River to work with both older and later versions of the JVM. The attached patch is based on the Apache River 3.0 branch.
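
      The per-key-type bookkeeping described above, as an added sketch that is neither River's ClientAuthManager nor the attached patch. The class name, the alias map and the outcome() helper are hypothetical, and issuers and socket are left out of chooseClientAlias so it runs without a keystore. It shows both invocation patterns reaching the same result, with and without a usable credential.

```java
import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.TreeMap;

/** Hypothetical sketch; not River's ClientAuthManager and not the attached patch. */
public class PerKeyTypeFailures {
    private final Map<String, String> aliases;                        // key type -> alias (constructed)
    private final Map<String, Exception> failures = new TreeMap<>();  // key type -> why it failed
    private String chosenAlias;

    PerKeyTypeFailures(Map<String, String> aliases) { this.aliases = aliases; }

    /** Shaped like X509KeyManager.chooseClientAlias; issuers and socket are omitted. */
    synchronized String chooseClientAlias(String[] keyTypes) {
        for (String keyType : keyTypes) {
            String alias = aliases.get(keyType);
            if (alias != null) {
                chosenAlias = alias;
                return alias;
            }
            // Keyed by type, so a later call for another type cannot overwrite this entry.
            failures.put(keyType, new GeneralSecurityException("no credential for " + keyType));
        }
        return null;
    }

    /** Failures are reported only if no call, for any key type, produced an alias. */
    synchronized String outcome() {
        return chosenAlias != null ? "alias=" + chosenAlias : "failed for " + failures.keySet();
    }

    static String run(Map<String, String> aliases, boolean onePerCall) {
        String[] offered = { "EC", "RSA", "DSA" };
        PerKeyTypeFailures manager = new PerKeyTypeFailures(aliases);
        if (onePerCall) {                        // JDK 11.0.3 and greater
            for (String keyType : offered) {
                manager.chooseClientAlias(new String[] { keyType });
            }
        } else {                                 // JDK 11.0.2 and earlier
            manager.chooseClientAlias(offered);
        }
        return manager.outcome();
    }

    public static void main(String[] args) {
        Map<String, String> rsaOnly = Map.of("RSA", "client-rsa");   // constructed sample store
        System.out.println(run(rsaOnly, false) + " | " + run(rsaOnly, true));
        System.out.println(run(Map.of(), false) + " | " + run(Map.of(), true));
    }
}
```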

      Attachments

        1. ClientAuthManager-1.patch
          4 kB
          Shawn Ellis

          People

            Assignee: Unassigned
            Reporter: Shawn Ellis (ellisvelo)
            Votes: 0
            Watchers: 3