On Thu, 29 May 2025 14:42:00 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Bradford Wetmore has updated the pull request with a new target base due to >> a merge or a rebase. The pull request now contains 37 commits: >> >> - Merge branch 'master' into JDK-8341346 >> - Remove TlsExporterKeyingMaterial for now. Can add later if needed. >> - Merge branch 'master' into JDK-8341346 >> - Merge branch 'master' into JDK-8341346 >> - Added PKCS11 testing >> - Minor bug >> - Missed one change >> - Merge branch 'master' into JDK-8341346 >> - Private Codereview comment: Don't allow use of null keyAlgs, plus some >> minor cleanups >> - get*() no longer needed, backout error (oops!) >> - ... and 27 more: https://git.openjdk.org/jdk/compare/2ec6ab34...858362c8 > > src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1494: > >> 1492: if (exporterMasterSecret == null) { >> 1493: throw new RuntimeException( >> 1494: "Exporter master secret not captured"); > > Do you want to choose another exception type? Like `ProviderException`. > Actually, how unlikely this is? If you believe this would never happen > (unless there is a programming error), you can even throw an `AssertionError`. > > Same question in `useTLS10PlusSpec()` for the two randoms. @wangweij asked if `SSLSession` are ever in a partially completed state. The answer is yes, during handshaking the `SSLSocket/SSLEngine.getHandshakeSession()` methods can return `SSLSession` that is incomplete. As such, it makes more sense for this to be an `IllegalArgumentException`. Drafted the CSR, made the update, and refinalized it. Hopefully the wording is acceptable. ;) ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2114985934
