changeset 43195:e7f80841643d

8151465: SSLSession may not return a valid chain Reviewed-by: mullan, ahgross
author xuelei
date Wed, 27 Jul 2016 02:23:16 +0000
parents b50e0f90d284
children 2064adad356a
files jdk/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java jdk/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java jdk/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java jdk/src/java.base/share/classes/javax/net/ssl/SSLSession.java
diffstat 4 files changed, 22 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java	Wed Jan 18 08:02:53 2017 +0800
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java	Wed Jul 27 02:23:16 2016 +0000
@@ -69,6 +69,10 @@
     /**
      * Returns the server's X.509 certificate chain, or null if
      * the server did not authenticate.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
+     *
      * @return the server certificate chain
      */
     public abstract Certificate[] getServerCertificates()
--- a/jdk/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java	Wed Jan 18 08:02:53 2017 +0800
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java	Wed Jul 27 02:23:16 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -120,6 +120,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * @return an ordered array of the peer certificates,
      *          with the peer's own certificate first followed by
@@ -140,6 +143,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * <p><em>Note: this method exists for compatibility with previous
      * releases. New applications should use
--- a/jdk/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java	Wed Jan 18 08:02:53 2017 +0800
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java	Wed Jul 27 02:23:16 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -104,6 +104,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * @return an ordered array of server certificates,
      *          with the peer's own certificate first followed by
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLSession.java	Wed Jan 18 08:02:53 2017 +0800
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLSession.java	Wed Jul 27 02:23:16 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -219,6 +219,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * @return an ordered array of peer certificates,
      *          with the peer's own certificate first followed by any
@@ -259,6 +262,9 @@
      * Note: This method can be used only when using certificate-based
      * cipher suites; using it with non-certificate-based cipher suites,
      * such as Kerberos, will throw an SSLPeerUnverifiedException.
+     * <P>
+     * Note: The returned value may not be a valid certificate chain
+     * and should not be relied on for trust decisions.
      *
      * <p><em>Note: this method exists for compatibility with previous
      * releases. New applications should use