Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8261624 Problem looking up Client Certificates in keystore
  3. JDK-8265499

Release Note: Problem looking up Client Certificates in keystore

XMLWordPrintable

      Prior to JDK 8u261, the JSSE framework passed an array of Strings of all keytypes in one call to the (delegate) javax.net.ssl.X509KeyManager.chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) implementation when client authentication is present in an application. Since JDK 8u261, the internal JDK libraries may call the delegate `javax.net.ssl.X509KeyManager.chooseClientAlias` method in multiple iterations while performing client authentication. One key type per call.
      https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/X509KeyManager.html#chooseClientAlias-java.lang.String:A-java.security.Principal:A-java.net.Socket-

      If application code implements `javax.net.ssl.X509KeyManager`, ensure that the code logic in that implementation does not assume that all keytypes are passed in the `keyType` String array in the first call to chooseClientAlias: `String chooseClientAlias​(String[] keyType, Principal[] issuers, Socket socket)`

            pkoppula Prasadarao Koppula
            pkoppula Prasadarao Koppula
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: