Compare commits

5 Commits

Author SHA1 Message Date
woggioni 976ee1ac88 tmp4
CI / build (push) Successful in 3m31s
2026-06-12 08:46:27 +08:00
opencode 7dc12a37e4 Use X509ExtendedTrustManager to avoid JDK AlgorithmChecker constraints
Netty 4.2.15 fixed CVE-2026-50010 by removing the silent wrapping of
plain X509TrustManager in X509ExtendedTrustManager. When a plain
X509TrustManager is used, the JDK wraps it in AbstractTrustManagerWrapper
and runs TrustManagerImpl.checkTrusted() with AlgorithmChecker before
calling the custom trust manager.

This caused client certificates signed with SHA3-512withECDSA to be
rejected even though they are not explicitly blacklisted in java.security,
because the JDK's internal PKIX validator applies stricter constraints.

By making our custom trust managers implement X509ExtendedTrustManager
directly, the JDK calls the 3-arg methods directly and bypasses its
internal TrustManagerImpl, restoring the pre-4.2.15 behavior where
only our custom PKIX validation runs.

Files changed:
- rbcs-common/RBCS.kt: getTrustManager() returns X509ExtendedTrustManager
- rbcs-client/RemoteBuildCacheClient.kt: trust-all manager uses X509ExtendedTrustManager
2026-06-12 08:38:26 +08:00
woggioni 6b798f3046 tmp3
CI / build (push) Successful in 5m50s
2026-06-12 07:46:06 +08:00
woggioni 4037ac9ddc tmp
CI / build (push) Successful in 3m15s
2026-06-12 07:14:39 +08:00
woggioni b4a97845ca tmp
CI / build (push) Failing after 1m26s
2026-06-09 22:32:40 +08:00

Diff Content Not Available
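
An added example, not code from this repository, of a server-side trust manager that extends X509ExtendedTrustManager directly, as the commit message for 7dc12a37e4 describes. The class name, the `anchors` key store and the disabled revocation check are assumptions. Because the JDK adds no checks of its own around such a manager, it validates every client chain itself and refuses server authentication, which would otherwise run without host name verification.

```kotlin
import java.net.Socket
import java.security.GeneralSecurityException
import java.security.KeyStore
import java.security.cert.CertPathValidator
import java.security.cert.CertificateException
import java.security.cert.CertificateFactory
import java.security.cert.PKIXParameters
import java.security.cert.X509Certificate
import javax.net.ssl.SSLEngine
import javax.net.ssl.X509ExtendedTrustManager

// Hypothetical class; `anchors` holds the CA certificates client chains must lead to.
class ClientCertTrustManager(private val anchors: KeyStore) : X509ExtendedTrustManager() {

    // The only validation performed: JSSE uses an X509ExtendedTrustManager as-is
    // and does not wrap it with its own algorithm-constraint or identity checks.
    private fun validate(chain: Array<out X509Certificate>?) {
        if (chain.isNullOrEmpty()) throw CertificateException("empty certificate chain")
        try {
            // Assumption: no CRL/OCSP source is configured, so revocation is switched off.
            val params = PKIXParameters(anchors).apply { isRevocationEnabled = false }
            val path = CertificateFactory.getInstance("X.509").generateCertPath(chain.toList())
            CertPathValidator.getInstance("PKIX").validate(path, params)
        } catch (e: GeneralSecurityException) {
            throw CertificateException("client certificate chain rejected", e)
        }
    }

    override fun checkClientTrusted(chain: Array<out X509Certificate>?, authType: String?) { validate(chain) }
    override fun checkClientTrusted(chain: Array<out X509Certificate>?, authType: String?, socket: Socket?) { validate(chain) }
    override fun checkClientTrusted(chain: Array<out X509Certificate>?, authType: String?, engine: SSLEngine?) { validate(chain) }

    // Fail closed: nothing in this class verifies the peer's host name,
    // so it must never end up authenticating a server.
    private fun refuse(): Nothing = throw CertificateException("server authentication not supported")
    override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) { refuse() }
    override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?, socket: Socket?) { refuse() }
    override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?, engine: SSLEngine?) { refuse() }

    // Advertise the CA certificates from the key store as acceptable issuers.
    override fun getAcceptedIssuers(): Array<X509Certificate> =
        anchors.aliases().toList()
            .mapNotNull { anchors.getCertificate(it) as? X509Certificate }
            .toTypedArray()
}
```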