Shawn Ellis created RIVER-468:
---------------------------------
Summary: SSL Client Authentication doesn't work with JDK 11.0.3
and greater
Key: RIVER-468
URL: https://issues.apache.org/jira/browse/RIVER-468
Project: River
Issue Type: Bug
Components: net_jini_jeri
Affects Versions: River_3.0.1
Reporter: Shawn Ellis
SSL Client Authentication fails with JDK 11.0.3 and greater due to changes with
the JVM. The JVM change prevents Apache River services from communicating with
each other if SSL Client Authentication is used.
The invocation of ClientAuthManager.chooseClientAlias() was changed with JDK
11.0.3. Prior versions would invoke chooseClientAlias once with multiple
keyType elements. JDK 11.0.3 and later versions invoke chooseClientAlias
multiple times with a single element in the keytype array.
Ex.
JDK 11.0.2 and earlier:
choseClientAlias(\{ "EC", "RSA", "DSA" }, socket);
JDK 11.0.3 and greater:
for (String keyType : \{ "EC", "RSA", "DSA" }) {
choseClientAlias(\{ keyType }, socket);
}
ClientAuthManger.java was modified to store the SecurityException or
GeneralSecurityException in a map based upon the keytype. This allows River to
work with older and later versions of the JVM. The attached patch is based upon
the Apache River 3.0 branch.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
