Certificate factory initialization without provider registered causes new provider #146
Comments
|
Sorry, that's BC 1.54. |
|
Any thoughts on this? We have proceeded to patch around it by registering and unregistering the provider around this code, but it's a pretty gross solution. |
|
Try https://downloads.bouncycastle.org/betas/ 155b16 or later. |
|
Believed fixed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have noticed since updating to BC 1.5.4 that CertificateFactory now causes new providers to be created if none is registered. This is due to the creation of a new BCJcaJceHelper on every factory instance in 4eecbee.
We use BC to implement an OpenSSL-lookalike API for JRuby. Because of the nasty Security.addProvider dance, and the potential for classloader leaks if we don't unregister, we have tried to avoid registering BC as a provider except when opted into by the user. That has worked ok for us, accessing BC directly as much as possible, but the above change requires that a provider be registered, or every BCJcaJceHelper will construct a new provider.
See jruby/jruby-openssl#94 for the bug on our end.
I'm not sure what the fix is. If a provider is really needed to create a CertificateFactory, and there's no way to pass the provider through the SPI construction process, then there may be no way to avoid it.
If possible, though, it would be great to fix this or come up with an alternative to 4eecbee, since we really don't want to have to use the JDK's crufty registration logic.
The text was updated successfully, but these errors were encountered: