[
https://issues.apache.org/jira/browse/RIVER-468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16904253#comment-16904253
]
Peter Firmstone commented on RIVER-468:
---------------------------------------
Thanks Shawn, nice fix.
> SSL Client credentials are not found with JDK 11.0.3 and greater
> ----------------------------------------------------------------
>
> Key: RIVER-468
> URL: https://issues.apache.org/jira/browse/RIVER-468
> Project: River
> Issue Type: Bug
> Components: net_jini_jeri
> Affects Versions: River_3.0.1
> Reporter: Shawn Ellis
> Priority: Major
> Attachments: ClientAuthManager-1.patch
>
>
> SSL Client Authentication fails with JDK 11.0.3 and greater due to changes
> with the JVM. The JVM change prevents Apache River services from
> communicating with each other if SSL Client Authentication is used.
> The invocation of ClientAuthManager.chooseClientAlias() was changed with JDK
> 11.0.3. Prior versions would invoke chooseClientAlias once with multiple
> keyType elements. JDK 11.0.3 and later versions invoke chooseClientAlias
> multiple times with a single element in the keytype array.
> Ex.
> JDK 11.0.2 and earlier:
> {code:java}
> choseClientAlias({ "EC", "RSA", "DSA" }, socket);{code}
> JDK 11.0.3 and greater:
>
> {code:java}
> for (String keyType : { "EC", "RSA", "DSA" }) {
> choseClientAlias({ keyType }, socket);
> }
> {code}
>
> ClientAuthManger.java was modified to store the SecurityException or
> GeneralSecurityException in a map based upon the keytype. This allows River
> to work with older and later versions of the JVM. The attached patch is based
> upon the Apache River 3.0 branch.
> [^ClientAuthManager-1.patch]
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
