From e752a0f8963184dd277e5ca5cbb007cf7fa1a2dd Mon Sep 17 00:00:00 2001
From: DXwangg <wangjiawei80@huawei.com>
Date: Mon, 23 Oct 2023 09:37:33 +0800
Subject: [PATCH] I89ZH5:SSLEngine throws NPE parsing CertificateRequests

---
 ...ngine-throws-NPE-parsing-Certificate.patch | 21 +++++++++++++++++++
 openjdk-11.spec                               |  9 +++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 8295068-SSLEngine-throws-NPE-parsing-Certificate.patch

diff --git a/8295068-SSLEngine-throws-NPE-parsing-Certificate.patch b/8295068-SSLEngine-throws-NPE-parsing-Certificate.patch
new file mode 100644
index 0000000..c69ccf4
--- /dev/null
+++ b/8295068-SSLEngine-throws-NPE-parsing-Certificate.patch
@@ -0,0 +1,21 @@
+Subject: [PATCH] JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
+
+---
+ .../share/classes/sun/security/ssl/CertificateRequest.java      | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
+index 8e8370ba7..504aefb1a 100644
+--- a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
++++ b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
+@@ -135,7 +135,7 @@ final class CertificateRequest {
+             ArrayList<String> keyTypes = new ArrayList<>(3);
+             for (byte id : ids) {
+                 ClientCertificateType cct = ClientCertificateType.valueOf(id);
+-                if (cct.isAvailable) {
++                if (cct != null && cct.isAvailable) {
+                     keyTypes.add(cct.keyAlgorithm);
+                 }
+             }
+--
+
diff --git a/openjdk-11.spec b/openjdk-11.spec
index 4cf2576..455db0d 100644
--- a/openjdk-11.spec
+++ b/openjdk-11.spec
@@ -748,7 +748,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
 
 Name:    java-%{javaver}-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: 0
+Release: 1
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@@ -886,6 +886,8 @@ Patch90: fix_Internal_and_external_code_inconsistency.patch
 # 11.0.18
 Patch91: 8222289-Overhaul-logic-for-reading-writing-constant-pool-entries.patch
 
+# 11.0.21
+Patch92: 8295068-SSLEngine-throws-NPE-parsing-Certificate.patch
 ############################################
 #
 # riscv64 specific patches
@@ -1186,6 +1188,7 @@ pushd %{top_level_dir_name}
 %patch89 -p1
 %patch90 -p1
 %patch91 -p1
+%patch92 -p1
 %endif
 popd # openjdk
 
@@ -1696,6 +1699,10 @@ cjc.mainProgram(arg)
 
 
 %changelog
+* Mon Oct 23 2023 DXwangg <wangjiawei80@huawei.com> - 1:11.0.21.9-1
+- add 8295068-SSLEngine-throws-NPE-parsing-Certificate.patch
+
+
 * Thu Oct 19 2023 DXwangg <wangjiawei80@huawei.com> - 1:11.0.21.9-0
 - update to 11.0.21+9(GA)
 - modified delete_expired_certificates.patch
-- 
Gitee