static X509ExtendedTrustManager wrap(X509ExtendedTrustManager tm, boolean client) { if (PlatformDependent.javaVersion() < 11) { try { X509Certificate[] certs = { OpenSsl.selfSignedCertificate() }; if (client) { tm.checkServerTrusted(certs, "RSA", new DummySSLEngine(true)); } else { tm.checkClientTrusted(certs, "RSA", new DummySSLEngine(false)); } } catch (IllegalArgumentException e) { // If this happened we failed because our protocol version was not known by the implementation. // See http://mail.openjdk.java.net/pipermail/security-dev/2018-September/018242.html. return new OpenSslTlsv13X509ExtendedTrustManager(tm); } catch (Throwable ignore) { // Just assume we do not need to wrap. } } return tm; }
static X509ExtendedTrustManager wrap(X509ExtendedTrustManager tm, boolean client) { if (PlatformDependent.javaVersion() < 11) { try { X509Certificate[] certs = { OpenSsl.selfSignedCertificate() }; if (client) { tm.checkServerTrusted(certs, "RSA", new DummySSLEngine(true)); } else { tm.checkClientTrusted(certs, "RSA", new DummySSLEngine(false)); } } catch (IllegalArgumentException e) { // If this happened we failed because our protocol version was not known by the implementation. // See http://mail.openjdk.java.net/pipermail/security-dev/2018-September/018242.html. return new OpenSslTlsv13X509ExtendedTrustManager(tm); } catch (Throwable ignore) { // Just assume we do not need to wrap. } } return tm; }