X509TrustManager with OPENSSL provider is not wrapped with hostname verification if Conscrypt is inserted in the first place (#10375)
Motivation: Modifications: Directly specify the provider which is used to create the SSLContext Result: Fixes https://github.com/netty/netty/issues/10374
This commit is contained in:
Norman Maurer
parent
163c2fc220
commit
b2726c4919
@ -28,6 +28,7 @@ import java.lang.reflect.Field;
|
||||
import java.security.AccessController;
|
||||
import java.security.KeyManagementException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
@ -140,8 +141,10 @@ final class OpenSslX509TrustManagerWrapper {
|
||||
X509TrustManager wrapIfNeeded(X509TrustManager manager);
|
||||
}
|
||||
|
||||
private static SSLContext newSSLContext() throws NoSuchAlgorithmException {
|
||||
return SSLContext.getInstance("TLS");
|
||||
private static SSLContext newSSLContext() throws NoSuchAlgorithmException, NoSuchProviderException {
|
||||
// As this depends on the implementation detail we should explicit select the correct provider.
|
||||
// See https://github.com/netty/netty/issues/10374
|
||||
return SSLContext.getInstance("TLS", "SunJSSE");
|
||||
}
|
||||
|
||||
private static final class UnsafeTrustManagerWrapper implements TrustManagerWrapper {
|
||||
@ -166,8 +169,8 @@ final class OpenSslX509TrustManagerWrapper {
|
||||
return (X509TrustManager) tm;
|
||||
}
|
||||
}
|
||||
} catch (NoSuchAlgorithmException | KeyManagementException e) {
|
||||
// This should never happen as we did the same in the static
|
||||
} catch (NoSuchAlgorithmException | KeyManagementException | NoSuchProviderException e) {
|
||||
// This should never happen as we did the same in the static block
|
||||
// before.
|
||||
PlatformDependent.throwException(e);
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user