Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UNDERTOW-1791: Migrate from getPeerCertificateChain to getPeerCertificates #988

Merged
merged 1 commit into from Dec 3, 2020
Merged

UNDERTOW-1791: Migrate from getPeerCertificateChain to getPeerCertificates #988

merged 1 commit into from Dec 3, 2020

Conversation

carterkozak
Copy link
Contributor

@carterkozak carterkozak commented Nov 13, 2020
edited by fl4via

Jira: https://issues.redhat.com/browse/UNDERTOW-1791

Java 15 runtimes default jsse SSLSession implementation throws an
UnsupportedOperationException when getPeerCertificateChain is called.
https://www.oracle.com/java/technologies/javase/15-relnote-issues.html#JDK-8241039

In this PR I have replaced uses of getPeerCertificateChain with getPeerCertificates, however I have not provided an implementation of sslsessioninfo.getPeerCertificateChain which delegates to getPeerCertificates and converts to the javax variant. It's unclear if that would be desirable.
It appears unlikely that there are cases in which getPeerCertificates produces different results, but it's possible a SSLSession implementation is incorrect in a way that causes this change to introduce failures. We could flag this behavior behind a property.

@carterkozak carterkozak mentioned this pull request Nov 13, 2020
Closed
@ropalka ropalka added bug fix Contains bug fix(es) next release This PR will be merged before next release or has already been merged (for payload double check) labels Nov 25, 2020
@fl4via fl4via added the failed CI Introduced new regession(s) during CI check label Dec 3, 2020
@fl4via
Copy link
Member

fl4via commented Dec 3, 2020

this PR introduced a regression in the SSL tests and will require some investigation before being merged

@fl4via fl4via removed the next release This PR will be merged before next release or has already been merged (for payload double check) label Dec 3, 2020
@carterkozak
UNDERTOW-1791: Migrate from getPeerCertificateChain to getPeerCertifi…
0bb82d2 
…cates

On java 15 runtimes the default jsse SSLSession implementation throws an
UnsupportedOperationException when getPeerCertificateChain is called.
https://www.oracle.com/java/technologies/javase/15-relnote-issues.html#JDK-8241039
@carterkozak
Copy link
Contributor Author

I've fixed the failure -- sorry about that. Hopefully it's not too late for 2.2.3.Final.

@fl4via
Copy link
Member

fl4via commented Dec 3, 2020

thanks, there is still time for 2.2.3.Final @carterkozak !

@fl4via fl4via added next release This PR will be merged before next release or has already been merged (for payload double check) waiting CI check Ready to be merged but waiting for CI check and removed failed CI Introduced new regession(s) during CI check waiting CI check Ready to be merged but waiting for CI check labels Dec 3, 2020
@fl4via fl4via merged commit 2f33bc7 into undertow-io:master Dec 3, 2020
@fl4via fl4via removed the next release This PR will be merged before next release or has already been merged (for payload double check) label Dec 7, 2020
@fl4via fl4via mentioned this pull request Sep 18, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ropalka ropalka ropalka approved these changes

Assignees
No one assigned
Labels
bug fix Contains bug fix(es)
Projects
None yet
Milestone
No milestone
3 participants
@carterkozak @fl4via @ropalka