Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8261624 Problem looking up Client Certificates in keystore
  3. JDK-8265499

Release Note: Problem looking up Client Certificates in keystore

    XMLWordPrintable

Details

    Description

      Prior to JDK 8u261, the JSSE framework passed an array of Strings of all keytypes in one call to the (delegate) javax.net.ssl.X509KeyManager.chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) implementation when client authentication is present in an application. Since JDK 8u261, the internal JDK libraries may call the delegate `javax.net.ssl.X509KeyManager.chooseClientAlias` method in multiple iterations while performing client authentication. One key type per call.
      https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/X509KeyManager.html#chooseClientAlias-java.lang.String:A-java.security.Principal:A-java.net.Socket-

      If application code implements `javax.net.ssl.X509KeyManager`, ensure that the code logic in that implementation does not assume that all keytypes are passed in the `keyType` String array in the first call to chooseClientAlias: `String chooseClientAlias​(String[] keyType, Principal[] issuers, Socket socket)`

      Attachments

        Activity

          People

            pkoppula Prasadarao Koppula
            pkoppula Prasadarao Koppula
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: