zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-07-19 17:26:09 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix another bug in the proxy (#419)

Browse source 
The promise should be set outside the try block because if we want
warning only, we still want the promise to be set even if the
clientCertificate.checkValidity() throws an error.
This commit is contained in:
Lai Jiang 2019-12-18 16:24:23 -05:00 committed by GitHub
parent ffe3eb1548
commit bfd61ef867
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
View file

@ -113,8 +113,6 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
sslHandler.engine().getSession().getPeerCertificates()[0];
try {
clientCertificate.checkValidity();
Promise<X509Certificate> unusedPromise =
clientCertificatePromise.setSuccess(clientCertificate);
} catch (CertificateNotYetValidException | CertificateExpiredException e) {
logger.atWarning().withCause(e).log(
"Client certificate is not valid.\nHash: %s",
@ -123,8 +121,11 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
Promise<X509Certificate> unusedPromise =
clientCertificatePromise.setFailure(e);
ChannelFuture unusedFuture2 = channel.close();
return;
}
}
Promise<X509Certificate> unusedPromise =
clientCertificatePromise.setSuccess(clientCertificate);
} else {
Promise<X509Certificate> unusedPromise =
clientCertificatePromise.setFailure(future.cause());