stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8151465: SSLSession may not return a valid chain

Browse Source 
Reviewed-by: mullan, ahgross
This commit is contained in:
Xue-Lei Andrew Fan 2016-07-27 02:23:16 +00:00
parent f82a7d2bdd
commit d109f68ebd
4 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jdk/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java
View File

@ -69,6 +69,10 @@ class HttpsURLConnection extends HttpURLConnection
/** /**
* Returns the server's X.509 certificate chain, or null if * Returns the server's X.509 certificate chain, or null if
* the server did not authenticate. * the server did not authenticate.
* <P>
* Note: The returned value may not be a valid certificate chain
* and should not be relied on for trust decisions.
*
* @return the server certificate chain * @return the server certificate chain
*/ */
public abstract Certificate[] getServerCertificates() public abstract Certificate[] getServerCertificates()

8
jdk/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -120,6 +120,9 @@ public class HandshakeCompletedEvent extends EventObject
* Note: This method can be used only when using certificate-based * Note: This method can be used only when using certificate-based
* cipher suites; using it with non-certificate-based cipher suites, * cipher suites; using it with non-certificate-based cipher suites,
* such as Kerberos, will throw an SSLPeerUnverifiedException. * such as Kerberos, will throw an SSLPeerUnverifiedException.
* <P>
* Note: The returned value may not be a valid certificate chain
* and should not be relied on for trust decisions.
* *
* @return an ordered array of the peer certificates, * @return an ordered array of the peer certificates,
* with the peer's own certificate first followed by * with the peer's own certificate first followed by
@ -140,6 +143,9 @@ public class HandshakeCompletedEvent extends EventObject
* Note: This method can be used only when using certificate-based * Note: This method can be used only when using certificate-based
* cipher suites; using it with non-certificate-based cipher suites, * cipher suites; using it with non-certificate-based cipher suites,
* such as Kerberos, will throw an SSLPeerUnverifiedException. * such as Kerberos, will throw an SSLPeerUnverifiedException.
* <P>
* Note: The returned value may not be a valid certificate chain
* and should not be relied on for trust decisions.
* *
* <p><em>Note: this method exists for compatibility with previous * <p><em>Note: this method exists for compatibility with previous
* releases. New applications should use * releases. New applications should use

5
jdk/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -104,6 +104,9 @@ class HttpsURLConnection extends HttpURLConnection
* Note: This method can be used only when using certificate-based * Note: This method can be used only when using certificate-based
* cipher suites; using it with non-certificate-based cipher suites, * cipher suites; using it with non-certificate-based cipher suites,
* such as Kerberos, will throw an SSLPeerUnverifiedException. * such as Kerberos, will throw an SSLPeerUnverifiedException.
* <P>
* Note: The returned value may not be a valid certificate chain
* and should not be relied on for trust decisions.
* *
* @return an ordered array of server certificates, * @return an ordered array of server certificates,
* with the peer's own certificate first followed by * with the peer's own certificate first followed by

8
jdk/src/java.base/share/classes/javax/net/ssl/SSLSession.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -219,6 +219,9 @@ public interface SSLSession {
* Note: This method can be used only when using certificate-based * Note: This method can be used only when using certificate-based
* cipher suites; using it with non-certificate-based cipher suites, * cipher suites; using it with non-certificate-based cipher suites,
* such as Kerberos, will throw an SSLPeerUnverifiedException. * such as Kerberos, will throw an SSLPeerUnverifiedException.
* <P>
* Note: The returned value may not be a valid certificate chain
* and should not be relied on for trust decisions.
* *
* @return an ordered array of peer certificates, * @return an ordered array of peer certificates,
* with the peer's own certificate first followed by any * with the peer's own certificate first followed by any
@ -259,6 +262,9 @@ public interface SSLSession {
* Note: This method can be used only when using certificate-based * Note: This method can be used only when using certificate-based
* cipher suites; using it with non-certificate-based cipher suites, * cipher suites; using it with non-certificate-based cipher suites,
* such as Kerberos, will throw an SSLPeerUnverifiedException. * such as Kerberos, will throw an SSLPeerUnverifiedException.
* <P>
* Note: The returned value may not be a valid certificate chain
* and should not be relied on for trust decisions.
* *
* <p><em>Note: this method exists for compatibility with previous * <p><em>Note: this method exists for compatibility with previous
* releases. New applications should use * releases. New applications should use