[11u] RFR: 8206925: Support the certificate_authorities extension
Doerr, Martin
martin.doerr at sap.com
Wed Mar 24 16:41:29 UTC 2021
Hi Christoph,
thank you for the review and checking the tests!
I agree. We should try to deliver it with 11.0.11 if possible.
I’ve added the CSR to my backport comment and labeled the issue with jdk11u-critical-request.
Best regards,
Martin
From: Langer, Christoph <christoph.langer at sap.com>
Sent: Mittwoch, 24. März 2021 15:48
To: Doerr, Martin <martin.doerr at sap.com>; jdk-updates-dev at openjdk.java.net; security-dev <security-dev at openjdk.java.net>; Severin Gehwolf <sgehwolf at redhat.com>; Andrew Haley <aph at redhat.com>
Cc: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>
Subject: RE: [11u] RFR: 8206925: Support the certificate_authorities extension
Hi Martin,
your backport looks good. I see the new tests pass and our testing does not unveil other regressions. Reviewed.
Oracle has already included this item in 11.0.10 but it fell through the cracks for OpenJDK 11u due to an issue with the updates filter. However, it seems like an important item for TLS 1.3 usability. We have just received a customer request why this wasn’t included in 11u yet, they would need it for their product to move on to TLS 1.3. So I think we should strive for 11.0.11 with this backport. Please label accordingly. Adding @Andrew Haley<mailto:aph at redhat.com> and @Severin Gehwolf<mailto:sgehwolf at redhat.com> for their opinion on this decision ��
The CSR https://bugs.openjdk.java.net/browse/JDK-8248709 should apply to this backport, please link it to the JBS issue.
Thanks & Best regards
Christoph
From: Doerr, Martin <martin.doerr at sap.com<mailto:martin.doerr at sap.com>>
Sent: Dienstag, 23. März 2021 16:25
To: jdk-updates-dev at openjdk.java.net<mailto:jdk-updates-dev at openjdk.java.net>; security-dev <security-dev at openjdk.java.net<mailto:security-dev at openjdk.java.net>>
Cc: Lindenmaier, Goetz <goetz.lindenmaier at sap.com<mailto:goetz.lindenmaier at sap.com>>; Langer, Christoph <christoph.langer at sap.com<mailto:christoph.langer at sap.com>>
Subject: [11u] RFR: 8206925: Support the certificate_authorities extension
Hi,
JDK-8206925 was backported to 11.0.10-oracle, but it’s still missing in the Open Source version.
I'd like to backport it for parity.
It does apply cleanly, but I had to modify it, because the following change is not in 11u:
https://bugs.openjdk.java.net/browse/JDK-8215712
Bug:
https://bugs.openjdk.java.net/browse/JDK-8206925
Original change:
https://hg.openjdk.java.net/jdk/jdk/rev/827bac238aa0
11u backport:
http://cr.openjdk.java.net/~mdoerr/8206925_ca_ext_11u/webrev.00/
Manual change to make it work without JDK-8215712 (SSLStringizer and derived classes don’t take a HandshakeContext in 11u):
http://cr.openjdk.java.net/~mdoerr/8206925_ca_ext_11u/8206925_ca_ext_diff.txt
Please review.
Best regards,
Martin
More information about the jdk-updates-dev
mailing list