JDK-4390659

setNeedClientAuth() isn't working after a handshaker is established

Details

    • Bug
    • Resolution: Fixed
    • P2
    • unknown
    • 1.0, 1.0.1, unknown, 1.0.2
    • security-libs
    • None
    • ventura
    • generic
    • generic

    Description

      From an email received via RMI group. (See comments for
      header information.)

      I've run into a problem with the fix for bug ID 4387023,
      "SSLSocketImpl.setNeedClientAuth is not checking for servermode".

      In my RMI security provider based on JSSE, I create the server-side
      socket by accepting a connection with a plain ServerSocket, calling
      SSLSocketFactory.createSocket to layer an SSL socket on top of the
      accepted socket, and then calling SSLSocket.setUseClientMode with an
      argument of false to convert the socket to a server-side socket.

      I discovered under JSSE 1.0.2 that, if I wanted client authentication, I
      needed to call setNeedClientAuth before calling setUseClientMode because
      calling setUseClientMode initiates the handshake.

      The fix to 4387023 means that this scheme no longer works. I can't call
      setNeedClientAuth prior to calling setUseClientMode, because the socket
      is still a client-side socket and throws IllegalArgumentException, but
      calling setUseClientMode completes the handshake before I have a chance
      to ask for client authentication.

      How should applications use layered SSL sockets on the server side and
      request client authentication in the face of this change?

      - Tim
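
The configuration order the report asks about, as an added example (not code from the report or from the JDK sources). It assumes the javax.net.ssl API as shipped in current JDKs rather than JSSE 1.0.2: there the handshake begins only at startHandshake(), the first application read or write, or getSession(), so the mode and the client-auth requirement can both be set beforehand. The class and method names are hypothetical.

```java
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class LayeredServerSocketDemo {

    // Layer TLS over an already-accepted plain socket and configure it as a
    // server that requires a client certificate. Nothing is sent on the wire
    // here: the caller starts the handshake once configuration is complete.
    static SSLSocket layerServerSide(SSLSocketFactory factory, Socket accepted)
            throws Exception {
        SSLSocket ssl = (SSLSocket) factory.createSocket(
                accepted,
                accepted.getInetAddress().getHostAddress(),
                accepted.getPort(),
                true);                   // closing the SSL socket closes the plain one
        ssl.setUseClientMode(false);     // 1. switch to server mode first
        ssl.setNeedClientAuth(true);     // 2. then require client authentication
        return ssl;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the default context is enough to show the configuration
        // order. A real server builds an SSLContext from its own key store and
        // trust store, otherwise the handshake has no certificate to present.
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();

        InetAddress loopback = InetAddress.getLoopbackAddress();
        try (ServerSocket listener = new ServerSocket(0, 1, loopback);
             Socket peer = new Socket(loopback, listener.getLocalPort());
             Socket accepted = listener.accept();
             SSLSocket ssl = layerServerSide(factory, accepted)) {

            System.out.println("client mode:      " + ssl.getUseClientMode());
            System.out.println("need client auth: " + ssl.getNeedClientAuth());
            // With real key material, ssl.startHandshake() (or the first read
            // or write) would go here, after both settings are in place.
        }
    }
}
```

With setNeedClientAuth(true) the handshake fails if the peer presents no acceptable certificate, whereas setWantClientAuth(true) only requests one, so a server that must authenticate clients should use the former.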

            People

              wetmore Bradford Wetmore
              wetmore Bradford Wetmore