From b2726c4919882dd28619c1c196688182b8c509b1 Mon Sep 17 00:00:00 2001
From: Norman Maurer
Date: Thu, 25 Jun 2020 20:38:44 +0200
Subject: [PATCH] X509TrustManager with OPENSSL provider is not wrapped with hostname verification if Conscrypt is inserted in the first place (#10375)
Motivation:
Modifications: Directly specify the provider which is used to create the SSLContext
Result: Fixes https://github.com/netty/netty/issues/10374
---
 .../handler/ssl/OpenSslX509TrustManagerWrapper.java | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslX509TrustManagerWrapper.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslX509TrustManagerWrapper.java
index 08a4e26759..6a2dd8f80b 100644
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslX509TrustManagerWrapper.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslX509TrustManagerWrapper.java
@@ -28,6 +28,7 @@ import java.lang.reflect.Field;
 import java.security.AccessController;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivilegedAction;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -140,8 +141,10 @@ final class OpenSslX509TrustManagerWrapper {
 X509TrustManager wrapIfNeeded(X509TrustManager manager);
 }
- private static SSLContext newSSLContext() throws NoSuchAlgorithmException {
- return SSLContext.getInstance("TLS");
+ private static SSLContext newSSLContext() throws NoSuchAlgorithmException, NoSuchProviderException {
+ // As this depends on the implementation detail we should explicit select the correct provider.
+ // See https://github.com/netty/netty/issues/10374
+ return SSLContext.getInstance("TLS", "SunJSSE");
 }
 private static final class UnsafeTrustManagerWrapper implements TrustManagerWrapper {
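Review bot: Hard-coding the provider in `SSLContext.getInstance("TLS", "SunJSSE")` makes newSSLContext() throw NoSuchProviderException on any runtime where SunJSSE is not registered, for example a JRE that ships a different JSSE provider or a deployment that removes it. The static initializer that first calls this method is outside the patch; if it treats that failure as "wrapping unavailable" and keeps the unwrapped manager, hostname verification would be skipped with no visible signal, which is the same outcome the linked issue reports. Once that is confirmed, I would say so in the comment, e.g. `// If SunJSSE is not installed this throws and the trust manager is left unwrapped (no hostname verification).`, and make sure the fallback path logs at warn level rather than debug. The commit changes one file only, so a regression test that registers another provider at position 1 and asserts the manager is still wrapped appears to be missing.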
@@ -166,8 +169,8 @@ final class OpenSslX509TrustManagerWrapper {
 return (X509TrustManager) tm;
 }
 }
- } catch (NoSuchAlgorithmException | KeyManagementException e) {
- // This should never happen as we did the same in the static
+ } catch (NoSuchAlgorithmException | KeyManagementException | NoSuchProviderException e) {
+ // This should never happen as we did the same in the static block
 // before.
 PlatformDependent.throwException(e);
 }