Details
- Enhancement
- Resolution: Duplicate
- P2
- None
- 6u2
- None
- generic
- generic
Description
In some cases it is necessary to subclass X509ExtendedTrustManager instead of X509TrustManager, specifically if you need to override the 4-argument forms of checkServerTrusted and checkClientTrusted, to get access to the peer's hostname and the encryption algorithm selected for the connection. Also, if you subclass X509TrustManager instead of X509ExtendedTrustManager, the check for hostname masquerading is suppressed, which means that the resulting application is not compliant with RFC 2459.
However, X509ExtendedTrustManager is in the com.sun.net.ssl.internal.ssl namespace, and therefore shouldn't be subclassed. Note, however, that the directly analogous key manager class (X509ExtendedKeyManager) is in the javax.net.ssl namespace.
We addressed the request in the fix of CR 6916074 with a more general solution.
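The following added example is not from this bug report or from the JDK sources. It assumes Java SE 7 or later, where a public `javax.net.ssl.X509ExtendedTrustManager` with `Socket` and `SSLEngine` overloads exists; the class name `DelegatingTrustManager` and the `audit` hook are hypothetical. It shows a custom trust manager reading the peer host and negotiated cipher suite while leaving chain and hostname validation to the platform implementation.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example (hypothetical class name): adds a per-connection policy hook on top of
// the platform trust manager without replacing its chain and hostname validation.
public final class DelegatingTrustManager extends X509ExtendedTrustManager {
    private final X509ExtendedTrustManager platform;

    public DelegatingTrustManager() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                 // null selects the default trust store
        X509ExtendedTrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509ExtendedTrustManager) found = (X509ExtendedTrustManager) tm;
        if (found == null) throw new IllegalStateException("no X509ExtendedTrustManager available");
        platform = found;
    }

    // Hypothetical policy hook: reads peer host and negotiated suite from the handshake session.
    private static void audit(SSLSession hs, X509Certificate leaf) {
        if (hs != null) System.err.printf("peer=%s suite=%s subject=%s%n",
            hs.getPeerHost(), hs.getCipherSuite(), leaf.getSubjectX500Principal());
    }

    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
        platform.checkServerTrusted(c, a, s);      // platform validation runs first
        audit(s instanceof SSLSocket ? ((SSLSocket) s).getHandshakeSession() : null, c[0]);
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException {
        platform.checkServerTrusted(c, a, e);
        audit(e != null ? e.getHandshakeSession() : null, c[0]);
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
        platform.checkClientTrusted(c, a, s);
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException {
        platform.checkClientTrusted(c, a, e);
    }
    // The context-free forms cannot see the connection, so refuse instead of skipping the check.
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        throw new CertificateException("connection context required");
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
        throw new CertificateException("connection context required");
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }
}
```

The platform trust manager only performs endpoint identification when the caller has set it on the connection, for example with `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` applied to the `SSLSocket` or `SSLEngine` before the handshake.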
Issue Links
- duplicates
  - JDK-6586276 SSLSockets and SSLEngines need a switch to enable hostname validation (Closed)
  - JDK-6916074 Add support for TLS 1.2 (Closed)
- relates to
  - JDK-6766775 X509 certificate hostname checking is broken in JDK1.6.0_10 (Resolved)
  - JDK-6586274 SSLSocketFactory and SSLServerSocketFactory can't be configured (Closed)
  - JDK-6586284 X509KeyManager and X509TrustManager need pre-keystore access callbacks (Closed)