Details
-
Bug
-
Status: Closed
-
P4
-
Resolution: Fixed
-
8, 11, 16
-
b17
-
Verified
Description
ADDITIONAL SYSTEM INFORMATION :
Presumably has been there since time immemorial but I didn't try to narrow it down.
A DESCRIPTION OF THE PROBLEM :
During code review I noted that the wrong alias is used in this call to getProtectionParameter:
https://github.com/openjdk/jdk/blob/ee5e00b05f5ae8410bc31e15381d068d09c53422/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java#L272-L273
'alias' is a composite of three dot-separated parts, of which 'keyStoreAlias' is the third, and would be the correct argument for this call (as it is also the argument to getEntry in these lines).
It seems the implementations of getProtectionParameter included in the JDK do not make use of the alias (apart from a null check), so there is no effect in typical usages. However KeyStore.Builder is an open API so the bug potentially affects other implementations.
FREQUENCY : always
Presumably has been there since time immemorial but I didn't try to narrow it down.
A DESCRIPTION OF THE PROBLEM :
During code review I noted that the wrong alias is used in this call to getProtectionParameter:
https://github.com/openjdk/jdk/blob/ee5e00b05f5ae8410bc31e15381d068d09c53422/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java#L272-L273
'alias' is a composite of three dot-separated parts, of which 'keyStoreAlias' is the third, and would be the correct argument for this call (as it is also the argument to getEntry in these lines).
It seems the implementations of getProtectionParameter included in the JDK do not make use of the alias (apart from a null check), so there is no effect in typical usages. However KeyStore.Builder is an open API so the bug potentially affects other implementations.
FREQUENCY : always
