Fix AdvancedTlsX509TrustManager to handle client side validation of socket

cfredri4 · ejona86 · commit dcb1c018c65a · 2024-07-11T10:25:00.000-07:00
diff --git a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
@@ -200,7 +200,11 @@ private void checkTrusted(X509Certificate[] chain, String authType, SSLEngine ss
           currentDelegateManager.checkServerTrusted(chain, authType, sslSocket);
         }
       } else {
-        currentDelegateManager.checkClientTrusted(chain, authType, sslEngine);
+        if (sslEngine != null) {
+          currentDelegateManager.checkClientTrusted(chain, authType, sslEngine);
+        } else {
+          currentDelegateManager.checkClientTrusted(chain, authType, socket);
+        }
       }
     }
     // Perform the additional peer cert check.

Original file line number	Diff line number	Diff line change
`@@ -200,7 +200,11 @@ private void checkTrusted(X509Certificate[] chain, String authType, SSLEngine ss`
`200`	`200`	`currentDelegateManager.checkServerTrusted(chain, authType, sslSocket);`
`201`	`201`	`}`
`202`	`202`	`} else {`
`203`		`- currentDelegateManager.checkClientTrusted(chain, authType, sslEngine);`
	`203`	`+ if (sslEngine != null) {`
	`204`	`+ currentDelegateManager.checkClientTrusted(chain, authType, sslEngine);`
	`205`	`+ } else {`
	`206`	`+ currentDelegateManager.checkClientTrusted(chain, authType, socket);`
	`207`	`+ }`
`204`	`208`	`}`
`205`	`209`	`}`
`206`	`210`	`// Perform the additional peer cert check.`