[jira] [Updated] (RIVER-468) SSL Client credentials are not found with JDK 11.0.3 and greater

["Shawn Ellis (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/RIVER-468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shawn Ellis updated RIVER-468:
------------------------------
    Summary: SSL Client credentials are not found with JDK 11.0.3 and greater  (was: SSL Client credentials not found with JDK 11.0.3 and greater)

> SSL Client credentials are not found with JDK 11.0.3 and greater
> ----------------------------------------------------------------
>
>                 Key: RIVER-468
>                 URL: https://issues.apache.org/jira/browse/RIVER-468
>             Project: River
>          Issue Type: Bug
>          Components: net_jini_jeri
>    Affects Versions: River_3.0.1
>            Reporter: Shawn Ellis
>            Priority: Major
>         Attachments: ClientAuthManager-1.patch
>
>
> SSL Client Authentication fails with JDK 11.0.3 and greater due to changes with the JVM. The JVM change prevents Apache River services from communicating with each other if SSL Client Authentication is used.
> The invocation of ClientAuthManager.chooseClientAlias() was changed with JDK 11.0.3. Prior versions would invoke chooseClientAlias once with multiple keyType elements. JDK 11.0.3 and later versions invoke chooseClientAlias multiple times with a single element in the keytype array.
> Ex.
> JDK 11.0.2 and earlier:
> choseClientAlias(\{ "EC", "RSA", "DSA" }, socket);
> JDK 11.0.3 and greater:
> for (String keyType : \{ "EC", "RSA", "DSA" })
> { choseClientAlias(\\{ keyType }
> , socket);
>  }
> ClientAuthManger.java was modified to store the SecurityException or GeneralSecurityException in a map based upon the keytype. This allows River to work with older and later versions of the JVM. The attached patch is based upon the Apache River 3.0 branch.
>  
> [^ClientAuthManager-1.patch]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)