[
https://issues.apache.org/jira/browse/RIVER-468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shawn Ellis updated RIVER-468:
------------------------------
Description:
SSL Client Authentication fails with JDK 11.0.3 and greater due to changes with
the JVM. The JVM change prevents Apache River services from communicating with
each other if SSL Client Authentication is used.
The invocation of ClientAuthManager.chooseClientAlias() was changed with JDK
11.0.3. Prior versions would invoke chooseClientAlias once with multiple
keyType elements. JDK 11.0.3 and later versions invoke chooseClientAlias
multiple times with a single element in the keytype array.
Ex.
JDK 11.0.2 and earlier:
choseClientAlias(\{ "EC", "RSA", "DSA" }, socket);
JDK 11.0.3 and greater:
for (String keyType : \{ "EC", "RSA", "DSA" })
{ choseClientAlias(\\{ keyType }
, socket);
}
ClientAuthManger.java was modified to store the SecurityException or
GeneralSecurityException in a map based upon the keytype. This allows River to
work with older and later versions of the JVM. The attached patch is based upon
the Apache River 3.0 branch.
[^ClientAuthManager-1.patch]
was:
SSL Client Authentication fails with JDK 11.0.3 and greater due to changes with
the JVM. The JVM change prevents Apache River services from communicating with
each other if SSL Client Authentication is used.
The invocation of ClientAuthManager.chooseClientAlias() was changed with JDK
11.0.3. Prior versions would invoke chooseClientAlias once with multiple
keyType elements. JDK 11.0.3 and later versions invoke chooseClientAlias
multiple times with a single element in the keytype array.
Ex.
JDK 11.0.2 and earlier:
choseClientAlias(\{ "EC", "RSA", "DSA" }, socket);
JDK 11.0.3 and greater:
for (String keyType : \{ "EC", "RSA", "DSA" }) {
choseClientAlias(\{ keyType }, socket);
}
ClientAuthManger.java was modified to store the SecurityException or
GeneralSecurityException in a map based upon the keytype. This allows River to
work with older and later versions of the JVM. The attached patch is based upon
the Apache River 3.0 branch.
> SSL Client Authentication doesn't work with JDK 11.0.3 and greater
> ------------------------------------------------------------------
>
> Key: RIVER-468
> URL: https://issues.apache.org/jira/browse/RIVER-468
> Project: River
> Issue Type: Bug
> Components: net_jini_jeri
> Affects Versions: River_3.0.1
> Reporter: Shawn Ellis
> Priority: Major
> Attachments: ClientAuthManager-1.patch
>
>
> SSL Client Authentication fails with JDK 11.0.3 and greater due to changes
> with the JVM. The JVM change prevents Apache River services from
> communicating with each other if SSL Client Authentication is used.
> The invocation of ClientAuthManager.chooseClientAlias() was changed with JDK
> 11.0.3. Prior versions would invoke chooseClientAlias once with multiple
> keyType elements. JDK 11.0.3 and later versions invoke chooseClientAlias
> multiple times with a single element in the keytype array.
> Ex.
> JDK 11.0.2 and earlier:
> choseClientAlias(\{ "EC", "RSA", "DSA" }, socket);
> JDK 11.0.3 and greater:
> for (String keyType : \{ "EC", "RSA", "DSA" })
> { choseClientAlias(\\{ keyType }
> , socket);
> }
> ClientAuthManger.java was modified to store the SecurityException or
> GeneralSecurityException in a map based upon the keytype. This allows River
> to work with older and later versions of the JVM. The attached patch is based
> upon the Apache River 3.0 branch.
>
> [^ClientAuthManager-1.patch]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
