Hi Andrew,
Andrew Fan wrote:
Bruno Harbulot wrote:
Hi Andrew,
OK, but the problem is precisely that this
"socket.getLocalAddress().isAnyLocalAddress()" is always true,
regardless of what the actual socket has been configured with.
"socket.getLocalAddress()" always returns 0.0.0.0, because this
information isn't passed from SSLServerSocketImpl to the temporary
SSLSocketImpl, which is then passed to chooseServerAlias(). This
workaround cannot work.
X509KeyManager.chooseServerAlias() may be called in two ways. One is
just as you describe: with a temporary socket, via
SSLServerSocketImpl.checkEnabledSuites(). Once the check has passed, the
server socket will not try to check it against the key manager anymore.
The other way is while handshaking: X509KeyManager.chooseServerAlias()
will be called with the actual socket. The stack looks like:
    X509KeyManager.chooseServerAlias()
    ServerHandshaker.setupPrivateKeyAndChain()
    trySetCipherSuite
    chooseCipherSuite
    ServerHandshaker.clientHello()
    Handshaker.processMessage()
Please have a try with a workaround; any feedback is welcome.
I see, this works indeed when it's called during the handshake. I had
misunderstood what you meant in your first reply by:
Once SSLServerSocketImpl.checkEnabledSuites() has passed, the
following accepted socket will use the actual socket; the behavior
is just as you expect.
Sorry about that. Thanks for your help.
Bruno.
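
The two call paths discussed in this thread, sketched as a key manager that selects the certificate by local address. This is an added example, not code posted by either participant or taken from the JDK; the class name AddressAwareKeyManager and the aliasByAddress map are hypothetical, and the delegate is assumed to be an ordinary X509KeyManager obtained from a KeyManagerFactory.

```java
import java.net.InetAddress;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import javax.net.ssl.X509KeyManager;

/** Added example: picks the server alias from the socket's local address. */
public class AddressAwareKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;                 // assumed: from a KeyManagerFactory
    private final Map<InetAddress, String> aliasByAddress; // hypothetical address -> alias map

    public AddressAwareKeyManager(X509KeyManager delegate, Map<InetAddress, String> aliasByAddress) {
        this.delegate = delegate;
        this.aliasByAddress = aliasByAddress;
    }

    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        InetAddress local = (socket == null) ? null : socket.getLocalAddress();
        if (local == null || local.isAnyLocalAddress()) {
            // Temporary socket from SSLServerSocketImpl.checkEnabledSuites():
            // the bound address is not visible here, so only answer whether
            // any key of this type exists at all.
            return delegate.chooseServerAlias(keyType, issuers, socket);
        }
        // Handshake path (ServerHandshaker.setupPrivateKeyAndChain()):
        // the actual socket is passed, so the real local address is known.
        String alias = aliasByAddress.get(local);
        String[] usable = delegate.getServerAliases(keyType, issuers);
        if (alias != null && usable != null && Arrays.asList(usable).contains(alias)) {
            return alias;
        }
        // No key of this type is mapped to this address: return null rather
        // than fall back to a certificate that belongs to another address.
        return null;
    }

    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return delegate.chooseClientAlias(t, i, s); }
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```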