On Wed, 23 Feb 2022 16:08:49 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:

> In the TlsChannelBinding.java implementation, the string operation is placed 
> before the case conversion. The behavior may not be as expected.
> 
> 
>         String hashAlg = serverCertificate.getSigAlgName().
> -          replace("SHA", "SHA-").toUpperCase(Locale.ENGLISH);
> +         toUpperCase(Locale.ENGLISH).replace("SHA", "SHA-");
> 
> 
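
Review bot: On the `+` line, `replace("SHA", "SHA-")` is still unconditional and rewrites every occurrence of `SHA`, so a signature algorithm name whose digest part is not followed directly by the bit length (for example `SHA3-256withRSA`) comes out as `SHA-3-256WITHRSA`. Consider inserting the hyphen only where `SHA` is followed directly by a digit and no hyphen is present, and add a regression test with a mixed-case input such as `sha256WithRSA`, which the old ordering left unhyphenated because the replace ran before the upper-casing.
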
> See also [Bernd Eckenfels](mailto:e...@zusammenkunft.net)'s comment in [PR 
> 7583](https://github.com/openjdk/jdk/pull/7583).

Checking other java.security.*/sun.security.* components outside JSSE would be 
a good idea, but this particular change looks good to me also.

-------------

Marked as reviewed by wetmore (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/7592
