[8u] TLSv1.3 RFR: 8245473: OCSP stapling support

Martin Balao mbalao at redhat.com
Fri Jun 5 20:44:13 UTC 2020


On 5/21/20 11:02 AM, Alexey Bakhtin wrote:
> Please review changes required to backport TLSv1.3 protocol from JDK11.0.7 to JDK8u

Hi Alexey,

A few questions and comments.

 * test/*

Will tests be handled in later steps? I guess so but please confirm.
This is probably not ideal but okay (we have managed them separately
anyways in previous steps).

 * SSLContextImpl.java

Why did you turn 'jdk.tls.client.enableStatusRequestExtension' to
'false' by default?

A CSR will be needed if we are introducing new properties anyways.

 * X509TrustManagerImpl.java

You probably want to make some changes here after I asked you to remove
changes introduced for Step 3 (8245470). However, before casting to
SSLSessionImpl I'd suggest adding an 'instanceof' check. If, for any
reason, it's a JDK-8 ExtendedSSLSession implementation class different
than SSLSessionImpl, we shouldn't fail because having the
getStatusResponses method was not part of the contract at that time.

 * OCSP.java

Why are these changes not included?

 * OCSPRequest.java

Why are these changes not included?

 * OCSPResponse.java

Why are these changes not included?

 * ResponderId.java

Why are these changes not included?

 * Validator.java

Seems to be including changes from 8154015. Why? Looks to me that
8154015 was introduced to JDK-8 and then backed out.

I suggest not to bump the copyright end date.

 * PKIXExtensions.java

Why are these changes not included?

 * RevocationChecker.java

Why are we including changes from 8161973 here? Please propose 8161973
as an independent backport.

Step 6 (8245473) is the JDK-8 backport of 8046321. Don't forget to add a
reference to 8046321 in the commit message.

Thanks,
Martin.-


