On Wed, 5 Jul 2023 20:25:26 GMT, Kevin Driver <kdri...@openjdk.org> wrote:

> JDK-8295068: an NPE is thrown when an invalid `id` is found to match up a 
> `ClientCertificateType`; rather than throwing the `NPE`, we now throw an 
> `IllegalArgumentException`. This does not seem to be a scenario where 
> recovery is possible or desired, so the `IAE` should be the proper behavior.

Changes requested by xuelei (Reviewer).

src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 134:

> 132:                     throw new IllegalArgumentException(id + " was " +
> 133:                             "not a valid ClientCertificateType id");
> 134:                 }

It may not comply to TLS specification if throwing exception here.  Unknown 
types should be ignored for compatibility.

- if (cct.isAvailable) {
+ if (cct != null && cct.isAvailable) {

-------------

PR Review: https://git.openjdk.org/jdk/pull/14778#pullrequestreview-1515892219
PR Review Comment: https://git.openjdk.org/jdk/pull/14778#discussion_r1254023615

Reply via email to