RFR: [11u] JDK-8236039: JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3
Langer, Christoph
christoph.langer at sap.com
Thu Jan 16 13:27:16 UTC 2020
Hi Andrew,
this looks like something one wants to have in JDK11. Webrev looks good to me. I also approved by adding jdk11u fix request labels to the bug.
Best regards
Christoph
> -----Original Message-----
> From: jdk-updates-dev <jdk-updates-dev-bounces at openjdk.java.net> On
> Behalf Of Andrew John Hughes
> Sent: Mittwoch, 15. Januar 2020 20:18
> To: 'jdk-updates-dev at openjdk.java.net' <jdk-updates-
> dev at openjdk.java.net>
> Subject: Re: RFR: [11u] JDK-8236039: JSSE Client does not accept
> status_request extension in CertificateRequest messages for TLS 1.3
>
> On 08/01/2020 06:46, Andrew John Hughes wrote:
> > Bug: https://bugs.openjdk.java.net/browse/JDK-8236039
> > Webrev:
> https://cr.openjdk.java.net/~andrew/openjdk11/8236039/webrev.01/
> >
> > TLS 1.3 allows the status_request extension, but, as the JSSE provider
> > does not currently support it, it throws an exception. It should instead
> > simply ignore the extension.
> >
> > Backporting this fix will increase compatibility with TLS 1.3 clients.
> >
> > Patch nearly applies cleanly, with the exception of the copyright header
> > having been previously updated in 15u, but not 11u:
> >
> > @@ -1,5 +1,5 @@
> > /*
> > -- * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights
> > reserved.
> > +- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
> > + * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights
> > reserved.
> >
> > Ok for 11.0.7?
> >
> > Thanks,
> >
>
> Ping?
>
> Thanks,
> --
> Andrew :)
>
> Senior Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
>
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
> https://keybase.io/gnu_andrew
More information about the jdk-updates-dev
mailing list