You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by "Shawn Ellis (JIRA)" <ji...@apache.org> on 2019/06/19 10:06:00 UTC
[jira] [Created] (RIVER-468) SSL Client Authentication doesn't work
with JDK 11.0.3 and greater
Shawn Ellis created RIVER-468:
---------------------------------
Summary: SSL Client Authentication doesn't work with JDK 11.0.3 and greater
Key: RIVER-468
URL: https://issues.apache.org/jira/browse/RIVER-468
Project: River
Issue Type: Bug
Components: net_jini_jeri
Affects Versions: River_3.0.1
Reporter: Shawn Ellis
SSL Client Authentication fails with JDK 11.0.3 and greater due to changes with the JVM. The JVM change prevents Apache River services from communicating with each other if SSL Client Authentication is used.
The invocation of ClientAuthManager.chooseClientAlias() was changed with JDK 11.0.3. Prior versions would invoke chooseClientAlias once with multiple keyType elements. JDK 11.0.3 and later versions invoke chooseClientAlias multiple times with a single element in the keytype array.
Ex.
JDK 11.0.2 and earlier:
choseClientAlias(\{ "EC", "RSA", "DSA" }, socket);
JDK 11.0.3 and greater:
for (String keyType : \{ "EC", "RSA", "DSA" }) {
choseClientAlias(\{ keyType }, socket);
}
ClientAuthManger.java was modified to store the SecurityException or GeneralSecurityException in a map based upon the keytype. This allows River to work with older and later versions of the JVM. The attached patch is based upon the Apache River 3.0 branch.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)