We have noticed since updating to BC 1.5.4 that CertificateFactory now causes new providers to be created if none is registered. This is due to the creation of a new BCJcaJceHelper on every factory instance in 4eecbee.
We use BC to implement an OpenSSL-lookalike API for JRuby. Because of the nasty Security.addProvider dance, and the potential for classloader leaks if we don't unregister, we have tried to avoid registering BC as a provider except when opted into by the user. That has worked ok for us, accessing BC directly as much as possible, but the above change requires that a provider be registered, or every BCJcaJceHelper will construct a new provider.
I'm not sure what the fix is. If a provider is really needed to create a CertificateFactory, and there's no way to pass the provider through the SPI construction process, then there may be no way to avoid it.
If possible, though, it would be great to fix this or come up with an alternative to 4eecbee, since we really don't want to have to use the JDK's crufty registration logic.
Any thoughts on this? We have proceeded to patch around it by registering and unregistering the provider around this code, but it's a pretty gross solution.
See jruby/jruby-openssl#94 for the bug on our end.
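The workaround mentioned in the follow-up comment (registering and unregistering the provider around the factory call), sketched as an added example that is not code from JRuby, jruby-openssl or Bouncy Castle. The class name `ScopedBcProvider` and its `withProvider` method are hypothetical, and the sketch assumes the Bouncy Castle provider jar is on the classpath.

```java
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.util.concurrent.Callable;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

/** Hypothetical helper; name and shape are assumptions for illustration. */
public final class ScopedBcProvider {
    // One shared instance, so repeated calls never construct additional providers.
    private static final Provider BC = new BouncyCastleProvider();
    // Serializes callers of this helper only; other code that touches
    // java.security.Security directly is not covered by this lock.
    private static final Object LOCK = new Object();

    private ScopedBcProvider() {}

    /**
     * Runs the action with a "BC" provider registered. A provider that was
     * already registered (for example because the user opted in) is left in
     * place afterwards; one added here is removed again, even on failure.
     */
    public static <T> T withProvider(Callable<T> action) throws Exception {
        synchronized (LOCK) {
            boolean addedHere = Security.getProvider(BC.getName()) == null;
            if (addedHere) {
                Security.addProvider(BC);
            }
            try {
                return action.call();
            } finally {
                if (addedHere) {
                    Security.removeProvider(BC.getName());
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Inside the scope the factory resolves against the registered provider.
        String name = withProvider(() ->
            CertificateFactory.getInstance("X.509", "BC").getProvider().getName());
        System.out.println("factory provider inside scope: " + name);
        System.out.println("registered after scope: "
            + (Security.getProvider("BC") != null));
    }
}
```

The registration is still process-wide while the action runs, so other threads can observe the provider during that window.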