[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-security-dev
Subject:    Re: RFR: 8294983: SSLEngine throws ClassCastException during handshake [v2]
From:       Mark Powers <mpowers () openjdk ! org>
Date:       2023-04-28 22:11:52
Message-ID: 6BXxNg4GFFYBW45XqG79pNGrTZQsaJgrqoKh--ycLis=.dc8e1050-bc14-4cd4-afde-3d431b863479 () github ! com
[Download RAW message or body]

On Fri, 28 Apr 2023 20:49:30 GMT, Kevin Driver <kdriver@openjdk.org> wrote:

> > Fixes a scenario where a `ServerHandshakeContext` might be cast as a \
> > `ClientHandshakeContext`.
> 
> Kevin Driver has updated the pull request with a new target base due to a merge or \
> a rebase. The incremental webrev excludes the unrelated changes brought in by the \
> merge/rebase. The pull request contains three additional commits since the last \
> revision: 
> - updated copyright
> - Merge branch 'master' of github.com:openjdk/jdk into JDK-8294983
> - set consumer to null if we're not in client mode

src/java.base/share/classes/sun/security/ssl/HandshakeContext.java line 2:

> 1: /*
> 2:  * Copyright (c) 2018, 2022, 2023, Oracle and/or its affiliates. All rights \
> reserved.

No need for 2022.

src/java.base/share/classes/sun/security/ssl/HandshakeContext.java line 457:

> 455:             // For TLS 1.2 and prior versions, the HelloRequest message MAY
> 456:             // be sent by the server at any time.
> 457:             consumer = conContext.sslConfig.isClientMode ?

This seems reasonable, but could you update the bug report to say why this fixes the \
problem?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13727#discussion_r1180845624
PR Review Comment: https://git.openjdk.org/jdk/pull/13727#discussion_r1180846282


[prev in list] [next in list] [prev in thread] [next in thread]