[
https://issues.apache.org/jira/browse/RIVER-468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shawn Ellis updated RIVER-468:
------------------------------
Attachment: ClientAuthManager-1.patch
> SSL Client Authentication doesn't work with JDK 11.0.3 and greater
> ------------------------------------------------------------------
>
> Key: RIVER-468
> URL: https://issues.apache.org/jira/browse/RIVER-468
> Project: River
> Issue Type: Bug
> Components: net_jini_jeri
> Affects Versions: River_3.0.1
> Reporter: Shawn Ellis
> Priority: Major
> Attachments: ClientAuthManager-1.patch
>
>
> SSL Client Authentication fails with JDK 11.0.3 and greater due to changes
> with the JVM. The JVM change prevents Apache River services from
> communicating with each other if SSL Client Authentication is used.
> The invocation of ClientAuthManager.chooseClientAlias() was changed with JDK
> 11.0.3. Prior versions would invoke chooseClientAlias once with multiple
> keyType elements. JDK 11.0.3 and later versions invoke chooseClientAlias
> multiple times with a single element in the keytype array.
> Ex.
> JDK 11.0.2 and earlier:
> choseClientAlias(\{ "EC", "RSA", "DSA" }, socket);
> JDK 11.0.3 and greater:
> for (String keyType : \{ "EC", "RSA", "DSA" }) {
> choseClientAlias(\{ keyType }, socket);
> }
> ClientAuthManger.java was modified to store the SecurityException or
> GeneralSecurityException in a map based upon the keytype. This allows River
> to work with older and later versions of the JVM. The attached patch is based
> upon the Apache River 3.0 branch.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
