8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2

Reviewed-by: xuelei
Jamil Nimeh 2018-10-16 12:05:57 -07:00
parent a9b4ac9c37
commit a40d0a0ee1
3 changed files with 84 additions and 35 deletions


@ -170,7 +170,7 @@ enum X509Authentication implements SSLAuthentication {
return null;
}
// Used by TLS 1.3 only.
// Used by TLS 1.2 and TLS 1.3.
private SSLPossession createClientPossession(
ClientHandshakeContext chc, String keyType) {
X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
@ -178,11 +178,13 @@ enum X509Authentication implements SSLAuthentication {
if (chc.conContext.transport instanceof SSLSocketImpl) {
clientAlias = km.chooseClientAlias(
new String[] { keyType },
null, (SSLSocket)chc.conContext.transport);
chc.peerSupportedAuthorities,
(SSLSocket)chc.conContext.transport);
} else if (chc.conContext.transport instanceof SSLEngineImpl) {
clientAlias = km.chooseEngineClientAlias(
new String[] { keyType },
null, (SSLEngine)chc.conContext.transport);
chc.peerSupportedAuthorities,
(SSLEngine)chc.conContext.transport);
}
if (clientAlias == null) {