You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2014/07/01 21:48:39 UTC

[2/3] git commit: [CXF-5818] Fix stackoverflow with TLS

[CXF-5818] Fix stackoverflow with TLS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0f0447ec
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0f0447ec
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0f0447ec

Branch: refs/heads/2.7.x-fixes
Commit: 0f0447ec9683684fe5e31571f1e06db62f295e2c
Parents: b85c6a1
Author: Daniel Kulp <dk...@apache.org>
Authored: Tue Jul 1 15:21:48 2014 -0400
Committer: Daniel Kulp <dk...@apache.org>
Committed: Tue Jul 1 15:48:18 2014 -0400

----------------------------------------------------------------------
 .../apache/cxf/transport/https/HttpsURLConnectionFactory.java   | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0f0447ec/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
index 449656c..d8b9001 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
@@ -174,6 +174,8 @@ public class HttpsURLConnectionFactory {
             // from the policy.
             socketFactory = new SSLSocketFactoryWrapper(ctx.getSocketFactory(), cipherSuites,
                                                         tlsClientParameters.getSecureSocketProtocol());
+            //recalc the hashcode since somet of the above MAY have changed the tlsClientParameters 
+            lastTlsHash = tlsClientParameters.hashCode();
         } else {
            // ssl socket factory already initialized, reuse it to benefit of keep alive
         }
@@ -261,7 +263,8 @@ public class HttpsURLConnectionFactory {
                                                KeyManager[] keyManagers) throws GeneralSecurityException {
         if (tlsClientParameters.getCertAlias() != null) {
             for (int idx = 0; idx < keyManagers.length; idx++) {
-                if (keyManagers[idx] instanceof X509KeyManager) {
+                if (keyManagers[idx] instanceof X509KeyManager
+                    && !(keyManagers[idx] instanceof AliasedX509ExtendedKeyManager)) {
                     try {
                         keyManagers[idx] = new AliasedX509ExtendedKeyManager(
                             tlsClientParameters.getCertAlias(), (X509KeyManager)keyManagers[idx]);