- Bug
- Resolution: Fixed
- P4
- 11, 17, 21, 22
- b11
- generic
- generic
- Verified
A DESCRIPTION OF THE PROBLEM :
The jdk.internal.net.http.common.Utils#copySSLParameters function calls `setNeedClientAuth` before `setWantClientAuth`. Both of these flags are mutually exclusive and when called, set the other value to false. Since `setWantClientAuth` is called after `setNeedClientAuth`, `needClientAuth` will always be `false`.
This bug makes it impossible to create an HTTP client with `needClientAuth` set to `true`.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The code should not throw a RuntimeException since `needClientAuth` was set to `true`
ACTUAL -
The code throws a RuntimeException because `needClientAuth` is false after copying the SSLParameters object
---------- BEGIN SOURCE ----------
package org.example;

import javax.net.ssl.SSLParameters;
import java.net.http.HttpClient;

public class Reprod {
    public static void main(String[] args) {
        final var sslParams = new SSLParameters();
        sslParams.setNeedClientAuth(true);
        final var httpClient = HttpClient.newBuilder().sslParameters(sslParams).build();
        if (!httpClient.sslParameters().getNeedClientAuth()) {
            throw new RuntimeException();
        }
    }
}
---------- END SOURCE ----------
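The ordering problem described above, shown against `SSLParameters` directly as an added example (not part of the original report and not the JDK's own source). The class name `ClientAuthCopyDemo` and the helpers `copyInReportedOrder`, `copyPreservingClientAuth` and `mode` are hypothetical; the second helper is one way to copy the client-auth setting as a single tri-state value so that neither setter can overwrite the other.

```java
import javax.net.ssl.SSLParameters;

public class ClientAuthCopyDemo {

    // Mirrors the call order the report describes: need first, then want.
    // setWantClientAuth(...) clears needClientAuth, so "need" never survives.
    static SSLParameters copyInReportedOrder(SSLParameters src) {
        SSLParameters dst = new SSLParameters();
        dst.setNeedClientAuth(src.getNeedClientAuth());
        dst.setWantClientAuth(src.getWantClientAuth());
        return dst;
    }

    // Order-safe copy (assumed approach): treat client auth as one tri-state
    // value and call exactly one setter.
    static SSLParameters copyPreservingClientAuth(SSLParameters src) {
        SSLParameters dst = new SSLParameters();
        if (src.getNeedClientAuth()) {
            dst.setNeedClientAuth(true);
        } else {
            // Covers both "want" and "none"; need stays false either way.
            dst.setWantClientAuth(src.getWantClientAuth());
        }
        return dst;
    }

    // Collapses the two boolean flags into the tri-state they represent.
    static String mode(SSLParameters p) {
        return p.getNeedClientAuth() ? "need" : p.getWantClientAuth() ? "want" : "none";
    }

    public static void main(String[] args) {
        // Constructed inputs: one SSLParameters object per client-auth mode.
        for (String m : new String[] {"none", "want", "need"}) {
            SSLParameters src = new SSLParameters();
            if (m.equals("need")) src.setNeedClientAuth(true);
            if (m.equals("want")) src.setWantClientAuth(true);
            String reported = mode(copyInReportedOrder(src));
            String safe = mode(copyPreservingClientAuth(src));
            System.out.printf("source=%s reportedOrder=%s orderSafe=%s%n", m, reported, safe);
            if (!safe.equals(m)) {
                throw new AssertionError("order-safe copy lost mode " + m);
            }
        }
    }
}
```

Only the `need` source differs between the two helpers: the reported call order silently turns it into `none`, which is why a configuration check like the one in the reproducer is worth keeping as a regression test.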
relates to
- JDK-8326381 com.sun.net.httpserver.HttpsParameters and SSLStreams incorrectly handle needClientAuth and wantClientAuth - Resolved
- JDK-8311114 Mutual TLS NeedClientAuth configuration gets reset to ClientAuthNone as tri state logic is controlled by a boolean value - New