Elliminated some buggy behavior when using a KeyManagerFactory with OpenSslServerContext.
Motivation: PR #5493 added support for KeyManagerFactories when using the OpenSsl context. This commit corrects a bug causing a NullPointerException that occurs when using a KeyManagerFactory without a certificate chain and private key. Modifications: Removes assertNotNull() assertions which were causing a certificate chain and private key to be required even when using a KeyManagerFactory. Also removed a redundant call to buildKeyManagerFactory() which was also causing a exception when a KeyManagerFactory is provided but a certificate chain and private key is not. Result: A KeyManagerFactory can now be used in the OpenSslServerContext without an independent certificate chain and private key.
This commit is contained in:
Ian Haken
Norman Maurer
parent
87551fc751
commit
2ce1d29d4d
@ -349,9 +349,6 @@ public final class OpenSslServerContext extends OpenSslContext {
|
||||
// Create a new SSL_CTX and configure it.
|
||||
boolean success = false;
|
||||
try {
|
||||
checkNotNull(keyCertChain, "keyCertChainFile");
|
||||
checkNotNull(key, "keyFile");
|
||||
|
||||
synchronized (OpenSslContext.class) {
|
||||
try {
|
||||
SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
|
||||
@ -373,9 +370,7 @@ public final class OpenSslServerContext extends OpenSslContext {
|
||||
}
|
||||
|
||||
if (keyManagerFactory != null) {
|
||||
X509KeyManager keyManager = chooseX509KeyManager(
|
||||
buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory)
|
||||
.getKeyManagers());
|
||||
X509KeyManager keyManager = chooseX509KeyManager(keyManagerFactory.getKeyManagers());
|
||||
keyMaterialManager = useExtendedKeyManager(keyManager) ?
|
||||
new OpenSslExtendedKeyMaterialManager(
|
||||
(X509ExtendedKeyManager) keyManager, keyPassword) :
|
||||
|
||||
Loading…
Reference in New Issue
Block a user