[jdk21u-dev] RFR: 8326233: Utils#copySSLParameters loses needClientAuth Setting
Goetz Lindenmaier
goetz at openjdk.org
Wed Apr 9 07:12:40 UTC 2025
On Tue, 8 Apr 2025 18:18:20 GMT, Satyen Subramaniam <ssubramaniam at openjdk.org> wrote:
> Backporting JDK-8326233: Utils#copySSLParameters loses needClientAuth Setting. When the java.net.HttpClient.Builder is configured with a SSLParameters instance whose needClientAuth is set to true, then it is expected that the HttpClient that's built from such a builder will have its SSLParameters with needClientAuth as true and wantClientAuth as false. This change fixes a bug in the internal implementation of a the HttpClient which leads to the value for needClientAuth was getting reset to false. Adds test for expected behavior. Ran GHA Sanity Checks, local Tier 1 and 2 tests. Patch is clean.
Hi @satyenme
I had a look at your backport. It has follow-up JDK-8326381 which does several similar fixes.
Unfortunately JDK-8326381 also deprecates methods which requires a CSR.
Is this fix here complete without the fixes from JDK-8326381? Should we single out the fixes in JDK-8326381 and backport them? Probably we should check with Jaikiran Pai and Joe Darcy whether we can do that without a CSR?
-------------
PR Comment: https://git.openjdk.org/jdk21u-dev/pull/1618#issuecomment-2788566290
More information about the jdk-updates-dev
mailing list