- Type: Bug
- Resolution: Unresolved
- Priority: P4
- None
- 14.0.1
- generic
- generic
When using "PKIX" as the KeyManagerFactory algorithm, the alias is
rewritten from what is in the keystore (for example, "jetty") to an
internal format such as "N.0.jetty", where N is an increasing number
(see sun.security.ssl.X509KeyManagerImpl.makeAlias()).
The problem is that (especially in the case of SNI) the KeyManager may
be wrapped by a user-written KeyManager that delegates to the JDK
one.
When the user-written KeyManager delegates to the JDK instance by
calling keyManager.getServerAliases(keyType, issuers), an array of
aliases is returned, but the aliases are in the internal format
described above.
This breaks any alias-based logic in the user-written code, because
comparing these internal aliases with the ones present in the
KeyStore never matches.
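The following is an added example, not code from the JDK or from any project mentioned in this report. It shows a hypothetical user-written wrapper around the "PKIX" KeyManager (class name AliasAwareKeyManager and the helper names are assumptions) that compares aliases safely: it normalises the delegate's internal "N.M.alias" form back to the keystore alias before comparing, and then hands the delegate's own alias back to getPrivateKey()/getCertificateChain(), which expect that internal form. The sample alias strings in main() are constructed to match the format described above.

```java
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Hypothetical user-written KeyManager (added example; not JDK code) that
 * wraps the JDK "PKIX" KeyManager and selects a server entry by keystore
 * alias without being tripped up by the internal "N.M.alias" form.
 */
public final class AliasAwareKeyManager extends X509ExtendedKeyManager {

    // Internal form produced by sun.security.ssl.X509KeyManagerImpl.makeAlias():
    // "<builderIndex>.<keyIndex>.<keystoreAlias>", e.g. "1.0.jetty".
    private static final Pattern INTERNAL_ALIAS = Pattern.compile("^\\d+\\.\\d+\\.(.+)$");

    private final X509ExtendedKeyManager delegate; // the JDK "PKIX" manager
    private final String wantedAlias;              // keystore alias chosen for the request (e.g. from SNI)

    public AliasAwareKeyManager(X509ExtendedKeyManager delegate, String wantedAlias) {
        this.delegate = delegate;
        this.wantedAlias = wantedAlias;
    }

    /** Maps an alias in either form back to the alias as stored in the KeyStore. */
    static String toKeyStoreAlias(String alias) {
        Matcher m = INTERNAL_ALIAS.matcher(alias);
        return m.matches() ? m.group(1) : alias;
    }

    /** The naive comparison the report describes: never true with "PKIX", since the delegate returns "N.0.jetty", not "jetty". */
    static boolean naiveMatch(String delegateAlias, String keyStoreAlias) {
        return delegateAlias.equals(keyStoreAlias);
    }

    /** Robust comparison: normalise the delegate's alias first. Also works for plain aliases (e.g. the SunX509 algorithm). */
    static boolean robustMatch(String delegateAlias, String keyStoreAlias) {
        return toKeyStoreAlias(delegateAlias).equals(keyStoreAlias);
    }

    private String select(String keyType, Principal[] issuers) {
        String[] candidates = delegate.getServerAliases(keyType, issuers);
        if (candidates == null) {
            return null;
        }
        for (String candidate : candidates) {
            if (robustMatch(candidate, wantedAlias)) {
                // Return the delegate's own (internal) alias: its getPrivateKey() and
                // getCertificateChain() parse that prefix to locate the entry, so
                // handing back the bare keystore alias would make them return null.
                return candidate;
            }
        }
        return null;
    }

    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return select(keyType, issuers); }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { return select(keyType, issuers); }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); }
    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return delegate.chooseClientAlias(keyType, issuers, socket); }
    @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { return delegate.chooseEngineClientAlias(keyType, issuers, engine); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }

    public static void main(String[] args) {
        // Constructed sample aliases in the internal format described in the report.
        String[] fromDelegate = { "0.0.jetty", "1.0.other", "2.0.jetty" };
        for (String a : fromDelegate) {
            System.out.printf("%-10s naive=%-5s robust=%s%n", a,
                    naiveMatch(a, "jetty"), robustMatch(a, "jetty"));
        }
    }
}
```

Two points matter in practice: the wrapper must compare on the normalised alias but return the delegate's unmodified alias, and the same wrapper keeps working when the factory algorithm is "SunX509", whose aliases carry no prefix, because the regex simply leaves those unchanged.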