From djelinski at openjdk.org  Mon Dec  1 08:56:02 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 1 Dec 2025 08:56:02 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v5]
In-Reply-To: <OvgsFHHMK8elrse4NWJa1afM6CJLNQae_3y0MTfxLHY=.79381b1d-0787-47cf-a9bd-5ed262159b8d@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <OvgsFHHMK8elrse4NWJa1afM6CJLNQae_3y0MTfxLHY=.79381b1d-0787-47cf-a9bd-5ed262159b8d@github.com>
Message-ID: <kYOQNW1FEsye5uRBHTDokE1xQipDdoA1Z3xxdCtNkqM=.a99b1895-be9c-447f-8fe0-31cb9c950eb7@github.com>

On Wed, 26 Nov 2025 10:39:20 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.
>
> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Introduce dangling `firstValueAsLong("content-length")` calls back

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28431#pullrequestreview-3523860341

From dfuchs at openjdk.org  Mon Dec  1 10:55:13 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 1 Dec 2025 10:55:13 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v5]
In-Reply-To: <OvgsFHHMK8elrse4NWJa1afM6CJLNQae_3y0MTfxLHY=.79381b1d-0787-47cf-a9bd-5ed262159b8d@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <OvgsFHHMK8elrse4NWJa1afM6CJLNQae_3y0MTfxLHY=.79381b1d-0787-47cf-a9bd-5ed262159b8d@github.com>
Message-ID: <lM3npf2h8qUprHWp2V8q04nKHbk1LMki7Jua5XBd7GE=.055d936e-0894-4d95-9eab-52d6f0921f01@github.com>

On Wed, 26 Nov 2025 10:39:20 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.
>
> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Introduce dangling `firstValueAsLong("content-length")` calls back

Changes requested by dfuchs (Reviewer).

src/java.net.http/share/classes/jdk/internal/net/http/Http1Response.java line 338:

> 336:         } catch (ProtocolException pe) {
> 337:             cf.completeExceptionally(pe);
> 338:             return cf;

We're not going to read the body if we return here, so I think we should close the connection with the ProtocolException `pe` before returning the completable future `cf`. Otherwise - the connection will remained unclosed and out of the pool until we close the client.

src/java.net.http/share/classes/jdk/internal/net/http/Http3Stream.java line 630:

> 628:              finalResponse = true;
> 629:          } else {
> 630:              assert responseCode >= 100 && responseCode <= 200 : "unexpected responseCode: " + responseCode;

Can we keep the assert?

-------------

PR Review: https://git.openjdk.org/jdk/pull/28431#pullrequestreview-3524324264
PR Review Comment: https://git.openjdk.org/jdk/pull/28431#discussion_r2576552862
PR Review Comment: https://git.openjdk.org/jdk/pull/28431#discussion_r2576571136

From djelinski at openjdk.org  Mon Dec  1 10:56:02 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 1 Dec 2025 10:56:02 GMT
Subject: RFR: 8372409:
 java/net/httpclient/http3/H3MultipleConnectionsToSameHost.java timed out
 during warmup
In-Reply-To: <tygDWjw3cTzV4SdBUuvbrpZhTTt4MO0ZYvphWLxrufA=.e7158864-4a13-4ac6-b404-29624aac8637@github.com>
References: <tygDWjw3cTzV4SdBUuvbrpZhTTt4MO0ZYvphWLxrufA=.e7158864-4a13-4ac6-b404-29624aac8637@github.com>
Message-ID: <QFUmgSD23PoG2CtVoeWQRPXR2AyB_STFy0Nw64-vKtc=.8706cb7a-99a0-4cf8-8cfe-563eb78878f4@github.com>

On Tue, 25 Nov 2025 14:38:01 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The issue here occurs when the connection gets closed just before the `Http3ExchangeImpl` gets created. In that case the h3 stream reference counter gets incremented, but due to the connection being already closed Http3ExchangeImpl::close will not be invoked, even though the CF returned to the user has been correctly completed with the appropriate exception. Not calling `Http3ExchangeImpl::close` after the reference counter has been incremented prevents that reference counter from being properly decremented. This in turn causes `HttpClient::close()` to wait forever.
> 
> The fix is to double-check that the connection is still open after having added the exchange to the connection's exchange map. If the connection is still opened, we can start the exchange. Otherwise we mark it as unprocessed and close it.

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28494#pullrequestreview-3524368077

From djelinski at openjdk.org  Mon Dec  1 11:03:15 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 1 Dec 2025 11:03:15 GMT
Subject: RFR: 8353738: Update TLS unit tests to not use certificates with
 MD5 signatures [v7]
In-Reply-To: <DTog6sfC8efnL2ysENz2zRAVGWNuGZ7hfE8mxrwP1vo=.dcf5fc1f-9188-4fd4-a2c2-e0930d2c257d@github.com>
References: <mBEv1oGEIazOqeTLJKEJ0NtfAWz15hRLJGfR2qt_kYY=.5df5c042-ba97-41fc-95dd-48279881e399@github.com>
 <DTog6sfC8efnL2ysENz2zRAVGWNuGZ7hfE8mxrwP1vo=.dcf5fc1f-9188-4fd4-a2c2-e0930d2c257d@github.com>
Message-ID: <Q15PCCegrjbDS-CKa2jsyLoOeaAyvKLV3a5018Deb9g=.70160d1c-2168-4cbe-aa05-45569271111c@github.com>

On Mon, 24 Nov 2025 17:22:39 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:

>> This PR updates tests that were using MD5 certificates. For most of the tests, I added test cases for TLSv1.2/MD5withRSA and TLSv1.3/SHA256withRSA.
>
> Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 13 additional commits since the last revision:
> 
>  - Updated IPAddressDNSIdentities and confirmed test fails for correct reason
>  - Merge branch 'master' into update-md5-certs
>  - Updated SAN methods in CertificateBuilder to take multiple names
>  - Merge branch 'master' into update-md5-certs
>  - removed IPIdentitites.java because it's identical to IPAddressIPIdenties; added IPv6 SAN ext
>  - removed unused keystore files, fixed certificate chain
>  - Merge branch 'master' into update-md5-certs
>  - changed line wrapping
>  - removed unnecessary comment and made getSSLContext(...) private
>  - changed tests to use SecurityUtils.removeDisabled*Algs methods
>  - ... and 3 more: https://git.openjdk.org/jdk/compare/d0629285...ea9c2dce

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/27342#pullrequestreview-3524380076

From smonteith at openjdk.org  Mon Dec  1 12:07:02 2025
From: smonteith at openjdk.org (Stuart Monteith)
Date: Mon, 1 Dec 2025 12:07:02 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
Message-ID: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>

MemorySegments allocated from shared Arena from
java.lang.foreign.Arena.ofShared() have their lifecycle controlled by jdk.internal.foreign.SharedSession. This class ensures that the MemorySegments can't be freed until after a thread has called Arena.close(). This is implemented using a counter that is atomically incremented when used, and decremented when not used, on every invocation of a downcall. While shared Arenas allow any thread to use it and to close it, this tracking has a cost when multiple threads are contended on it. This patch changes the implementation to use multiple counters to reduce contention. sun.nio.ch.IOUtil, java.nio.Buffer and sun.nio.ch.SimpleAsynchronousFileChannelImpl are modified as they have threads releasing the scope different from the ones that allocated them, so a ticket that tracks the counter has to be passed over.

The microbenchmark org.openjdk.bench.java.lang.foreign. CallOverheadConstant.panama_identity_memory_address_shared_3 was used to generate the following results. The scalability was checked on a number of platforms with the JMH parameter "-t" specifying the number of threads. Measurements are in ns/op .

The hardware are the Neoverse-N1, N2, V1 and V2, Intel Xeon 8375c and the AMD Epyc 9654.

| Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
|---------|-------|-------|-------|-------|-------|-------|
|    1  |    30.88   |   32.15  |    33.54  |    32.82  |    27.46  |     8.45 |
|   2    | 142.56    | 134.48  |   132.01 |    131.50 |    116.68   |   46.53 |
|  4    |  310.18   |  282.75  |   287.59  |   271.82  |   251.88   |   86.11 |
|  8    |  702.02   |  710.29  |   736.72  |   670.63  |   533.46   |  194.60 |
|   16  |  1,436.17 |  1,684.80 |  1,833.69 |  1,782.78 |  1,100.15 |    827.28 |
|  24  | 2,185.55 |  2,508.86 |  2,732.22 |  2,815.26 |  1,646.09 |  1,530.28  |
|   32  | 2,942.48 |  3,432.84 |  3,643.64 |  3,782.23 |  2,236.81 |  2,278.52 |
|   48  | 4,466.56 |  5,174.72 |  5,401.95 |  5,621.41 |  4,926.30  | 3,026.58 |

After:

| Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
|---------|-------|-------|-------|-------|-------|-------|
|    1  |    32.41  |    32.11  |    34.43  |  31.32  |    27.94  |     9.82 |
|    2  |    32.64  |    33.72  |    35.11  |  31.30  |    28.02  |     9.81 |
|    4  |    32.71  |    36.84  |    34.67  |  31.35  |   28.12   |   10.49 |
|    8  |    58.22  |    31.60  |    36.87  |  31.72  |    47.09  |    16.52 |
|   16 |     70.15 |     47.76 |     52.37 |   47.26 |     70.91 |     14.53 |
|   24 |     77.38 |     78.14 |     81.67 |   71.98 |     87.20  |    21.70 |
|   32 |     87.54 |     98.01 |     84.73 |   86.79 |    109.25  |    22.65 |
|   48 |    121.54|     128.14  |   120.51 |  104.35 |    175.08 |     26.85 |

-------------

Commit messages:
 - 8371260: Improve scaling of downcalls using MemorySegments allocated with shared arenas

Changes: https://git.openjdk.org/jdk/pull/28575/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28575&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8371260
  Stats: 628 lines in 33 files changed: 402 ins; 38 del; 188 mod
  Patch: https://git.openjdk.org/jdk/pull/28575.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28575/head:pull/28575

PR: https://git.openjdk.org/jdk/pull/28575

From mdonovan at openjdk.org  Mon Dec  1 12:21:04 2025
From: mdonovan at openjdk.org (Matthew Donovan)
Date: Mon, 1 Dec 2025 12:21:04 GMT
Subject: Integrated: 8353738: Update TLS unit tests to not use certificates
 with MD5 signatures
In-Reply-To: <mBEv1oGEIazOqeTLJKEJ0NtfAWz15hRLJGfR2qt_kYY=.5df5c042-ba97-41fc-95dd-48279881e399@github.com>
References: <mBEv1oGEIazOqeTLJKEJ0NtfAWz15hRLJGfR2qt_kYY=.5df5c042-ba97-41fc-95dd-48279881e399@github.com>
Message-ID: <KiVDvQMrcUC7gXrOaTXnGTgkn39UhSTGczGfyPrlU0Q=.4b6c2f93-e61a-4a58-883a-7501554ac7b8@github.com>

On Wed, 17 Sep 2025 11:50:51 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:

> This PR updates tests that were using MD5 certificates. For most of the tests, I added test cases for TLSv1.2/MD5withRSA and TLSv1.3/SHA256withRSA.

This pull request has now been integrated.

Changeset: f5eecc45
Author:    Matthew Donovan <mdonovan at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/f5eecc454eb78fc1a3714dfe3cb94113238dd3ac
Stats:     3481 lines in 14 files changed: 402 ins; 2957 del; 122 mod

8353738: Update TLS unit tests to not use certificates with MD5 signatures

Reviewed-by: djelinski, abarashev

-------------

PR: https://git.openjdk.org/jdk/pull/27342

From dfuchs at openjdk.org  Mon Dec  1 12:33:01 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 1 Dec 2025 12:33:01 GMT
Subject: Integrated: 8372409:
 java/net/httpclient/http3/H3MultipleConnectionsToSameHost.java timed out
 during warmup
In-Reply-To: <tygDWjw3cTzV4SdBUuvbrpZhTTt4MO0ZYvphWLxrufA=.e7158864-4a13-4ac6-b404-29624aac8637@github.com>
References: <tygDWjw3cTzV4SdBUuvbrpZhTTt4MO0ZYvphWLxrufA=.e7158864-4a13-4ac6-b404-29624aac8637@github.com>
Message-ID: <PQzxahmLjFKfvjgj8u26Le3bEcakpxuqblU-dG_7tjU=.0e42a065-cd94-4d0d-8e2e-7b6d35ff885d@github.com>

On Tue, 25 Nov 2025 14:38:01 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The issue here occurs when the connection gets closed just before the `Http3ExchangeImpl` gets created. In that case the h3 stream reference counter gets incremented, but due to the connection being already closed Http3ExchangeImpl::close will not be invoked, even though the CF returned to the user has been correctly completed with the appropriate exception. Not calling `Http3ExchangeImpl::close` after the reference counter has been incremented prevents that reference counter from being properly decremented. This in turn causes `HttpClient::close()` to wait forever.
> 
> The fix is to double-check that the connection is still open after having added the exchange to the connection's exchange map. If the connection is still opened, we can start the exchange. Otherwise we mark it as unprocessed and close it.

This pull request has now been integrated.

Changeset: 785ca67e
Author:    Daniel Fuchs <dfuchs at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/785ca67e46c762ed0ffaeda1e26e5f90276181e8
Stats:     26 lines in 2 files changed: 21 ins; 0 del; 5 mod

8372409: java/net/httpclient/http3/H3MultipleConnectionsToSameHost.java timed out during warmup

Reviewed-by: djelinski

-------------

PR: https://git.openjdk.org/jdk/pull/28494

From alanb at openjdk.org  Mon Dec  1 13:15:49 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Mon, 1 Dec 2025 13:15:49 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
Message-ID: <xHnX0VGSD6D2l0OLmREedfs7tcoCnnn-zczoNrrTCfc=.c8f98e67-36df-4fe5-8229-869b7e1adb61@github.com>

On Mon, 1 Dec 2025 11:59:38 GMT, Stuart Monteith <smonteith at openjdk.org> wrote:

> MemorySegments allocated from shared Arena from
> java.lang.foreign.Arena.ofShared() have their lifecycle controlled by jdk.internal.foreign.SharedSession. This class ensures that the MemorySegments can't be freed until after a thread has called Arena.close(). This is implemented using a counter that is atomically incremented when used, and decremented when not used, on every invocation of a downcall. While shared Arenas allow any thread to use it and to close it, this tracking has a cost when multiple threads are contended on it. This patch changes the implementation to use multiple counters to reduce contention. sun.nio.ch.IOUtil, java.nio.Buffer and sun.nio.ch.SimpleAsynchronousFileChannelImpl are modified as they have threads releasing the scope different from the ones that allocated them, so a ticket that tracks the counter has to be passed over.
> 
> The microbenchmark org.openjdk.bench.java.lang.foreign. CallOverheadConstant.panama_identity_memory_address_shared_3 was used to generate the following results. The scalability was checked on a number of platforms with the JMH parameter "-t" specifying the number of threads. Measurements are in ns/op .
> 
> The hardware are the Neoverse-N1, N2, V1 and V2, Intel Xeon 8375c and the AMD Epyc 9654.
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    30.88   |   32.15  |    33.54  |    32.82  |    27.46  |     8.45 |
> |   2    | 142.56    | 134.48  |   132.01 |    131.50 |    116.68   |   46.53 |
> |  4    |  310.18   |  282.75  |   287.59  |   271.82  |   251.88   |   86.11 |
> |  8    |  702.02   |  710.29  |   736.72  |   670.63  |   533.46   |  194.60 |
> |   16  |  1,436.17 |  1,684.80 |  1,833.69 |  1,782.78 |  1,100.15 |    827.28 |
> |  24  | 2,185.55 |  2,508.86 |  2,732.22 |  2,815.26 |  1,646.09 |  1,530.28  |
> |   32  | 2,942.48 |  3,432.84 |  3,643.64 |  3,782.23 |  2,236.81 |  2,278.52 |
> |   48  | 4,466.56 |  5,174.72 |  5,401.95 |  5,621.41 |  4,926.30  | 3,026.58 |
> 
> After:
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    32.41  |    32.11  |    34.43  |  31.32  |    27.94  |     9.82 |
> |    2  |    32.64  |    33.72  |    35.11  |  31.30  |    28.02  |     9.81 |
> |    4  |    32.71  |    36.84  |    34.67  |  31.35  |   28.12   |   10.49 |
> |    8  |    58.22  |    31.60  |    36.87  |  31.72  |    47.09  |...

Can you confirm that you aren't planning to try to try to integrate this before the fork for JDK 26 this week? There are several discussion points, and some of the changes are in risky areas, will likely need back time in main line.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28575#issuecomment-3596489652

From alanb at openjdk.org  Mon Dec  1 13:20:49 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Mon, 1 Dec 2025 13:20:49 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
Message-ID: <sHRNXSSfRJ0D0Gwva0xmZoIX5eYGGG3InU4lZcmcSL8=.ad9a26f6-e672-4651-aa79-293107fcbf8f@github.com>

On Mon, 1 Dec 2025 11:59:38 GMT, Stuart Monteith <smonteith at openjdk.org> wrote:

> MemorySegments allocated from shared Arena from
> java.lang.foreign.Arena.ofShared() have their lifecycle controlled by jdk.internal.foreign.SharedSession. This class ensures that the MemorySegments can't be freed until after a thread has called Arena.close(). This is implemented using a counter that is atomically incremented when used, and decremented when not used, on every invocation of a downcall. While shared Arenas allow any thread to use it and to close it, this tracking has a cost when multiple threads are contended on it. This patch changes the implementation to use multiple counters to reduce contention. sun.nio.ch.IOUtil, java.nio.Buffer and sun.nio.ch.SimpleAsynchronousFileChannelImpl are modified as they have threads releasing the scope different from the ones that allocated them, so a ticket that tracks the counter has to be passed over.
> 
> The microbenchmark org.openjdk.bench.java.lang.foreign. CallOverheadConstant.panama_identity_memory_address_shared_3 was used to generate the following results. The scalability was checked on a number of platforms with the JMH parameter "-t" specifying the number of threads. Measurements are in ns/op .
> 
> The hardware are the Neoverse-N1, N2, V1 and V2, Intel Xeon 8375c and the AMD Epyc 9654.
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    30.88   |   32.15  |    33.54  |    32.82  |    27.46  |     8.45 |
> |   2    | 142.56    | 134.48  |   132.01 |    131.50 |    116.68   |   46.53 |
> |  4    |  310.18   |  282.75  |   287.59  |   271.82  |   251.88   |   86.11 |
> |  8    |  702.02   |  710.29  |   736.72  |   670.63  |   533.46   |  194.60 |
> |   16  |  1,436.17 |  1,684.80 |  1,833.69 |  1,782.78 |  1,100.15 |    827.28 |
> |  24  | 2,185.55 |  2,508.86 |  2,732.22 |  2,815.26 |  1,646.09 |  1,530.28  |
> |   32  | 2,942.48 |  3,432.84 |  3,643.64 |  3,782.23 |  2,236.81 |  2,278.52 |
> |   48  | 4,466.56 |  5,174.72 |  5,401.95 |  5,621.41 |  4,926.30  | 3,026.58 |
> 
> After:
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    32.41  |    32.11  |    34.43  |  31.32  |    27.94  |     9.82 |
> |    2  |    32.64  |    33.72  |    35.11  |  31.30  |    28.02  |     9.81 |
> |    4  |    32.71  |    36.84  |    34.67  |  31.35  |   28.12   |   10.49 |
> |    8  |    58.22  |    31.60  |    36.87  |  31.72  |    47.09  |...

src/java.base/windows/classes/sun/nio/ch/WindowsAsynchronousFileChannelImpl.java line 396:

> 394:         private final PendingFuture<Integer,A> result;
> 395:         private volatile boolean released;
> 396:         private int ticket;             // to release buffer scope

This is for substitution, so needs to be declared with buf (further down), and needs to be volatile (can't use plain access as it may be released on different thread).

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28575#discussion_r2577021290

From smonteith at openjdk.org  Mon Dec  1 13:48:47 2025
From: smonteith at openjdk.org (Stuart Monteith)
Date: Mon, 1 Dec 2025 13:48:47 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <xHnX0VGSD6D2l0OLmREedfs7tcoCnnn-zczoNrrTCfc=.c8f98e67-36df-4fe5-8229-869b7e1adb61@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
 <xHnX0VGSD6D2l0OLmREedfs7tcoCnnn-zczoNrrTCfc=.c8f98e67-36df-4fe5-8229-869b7e1adb61@github.com>
Message-ID: <49FGQkAhjaiL3NugHvEzFGQhwTOf1oOKIPAUihJDgF0=.f19c5f9b-fa41-4fbe-9223-cba043dfa1d0@github.com>

On Mon, 1 Dec 2025 13:13:13 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> Can you confirm that you aren't planning to try to try to integrate this before the fork for JDK 26 this week? There are several discussion points, and some of the changes are in risky areas, will likely need back time in main line.

I am not planning, and wouldn't want to integrate this just before a fork. While I've checked it the best I can, I'd appreciate some scrutiny.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28575#issuecomment-3596636408

From schernyshev at openjdk.org  Mon Dec  1 14:22:03 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Mon, 1 Dec 2025 14:22:03 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due to
 IllegalArgumentException
Message-ID: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>

Hi all,

Let me propose a fix and a test case for JDK-8369950.

The failure reproduces with BCJSSE provider and all implementations of SSLSocker other than SSLSocketImpl.

In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).

The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.

SNIHostName, as defined in
https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66

has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.

This mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see

https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116

Testing:
- standard jtreg tests goups showed no regressions
- the new test passes with the fix and fails otherwise
- passes also with BCJSSE in FIPS and standard mode 

<details><summary> BCJSSE standard</summary>


STDOUT:
STDERR:
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
INFORMATION: Found boolean security property [keystore.type.compat]: true
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': dsa_sha1 usage HandshakeSignature
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFORMATION: Found string security property [jdk.certpath.disabledAlgorithms]: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage SignedJAR & denyAfter 2019-01-01
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': SHA1 jdkCA & usage TLSServer
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': SHA1 usage SignedJAR & denyAfter 2019-01-01
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSystemProperty
INFORMATION: Found string system property [java.home]: /Users/sercher/repos/jdk/build/macosx-x86_64-server-release/images/jdk
Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyHandshakeBeginning
INFORMATION: [server #1 @193b6d73] accepting connection from 0:0:0:0:0:0:0:1:56197
Dez. 01, 2025 2:44:03 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyHandshakeComplete
INFORMATION: [server #1 @193b6d73] established connection with 0:0:0:0:0:0:0:1:56197
Dez. 01, 2025 2:44:08 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyConnectionClosed
INFORMATION: [server #1 @193b6d73] disconnected from 0:0:0:0:0:0:0:1:56197
STATUS:Passed.

</details>

<details><summary> BCJSSE FIPS</summary>


STDOUT:
STDERR:
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
INFORMATION: Found boolean security property [keystore.type.compat]: true
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': dsa_sha1 usage HandshakeSignature
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFORMATION: Found string security property [jdk.certpath.disabledAlgorithms]: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage SignedJAR & denyAfter 2019-01-01
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': SHA1 jdkCA & usage TLSServer
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNUNG: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': SHA1 usage SignedJAR & denyAfter 2019-01-01
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSystemProperty
INFORMATION: Found string system property [java.home]: /Users/sercher/repos/jdk/build/macosx-x86_64-server-release/images/jdk
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyHandshakeBeginning
INFORMATION: [server #1 @4d1e9767] accepting connection from 0:0:0:0:0:0:0:1:56184
Dez. 01, 2025 2:41:32 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyHandshakeComplete
INFORMATION: [server #1 @4d1e9767] established connection with 0:0:0:0:0:0:0:1:56184
Dez. 01, 2025 2:41:37 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyConnectionClosed
INFORMATION: [server #1 @4d1e9767] disconnected from 0:0:0:0:0:0:0:1:56184
STATUS:Passed.

</details>

-------------

Commit messages:
 - 8369950: TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException

Changes: https://git.openjdk.org/jdk/pull/28577/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8369950
  Stats: 404 lines in 2 files changed: 403 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28577.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28577/head:pull/28577

PR: https://git.openjdk.org/jdk/pull/28577

From djelinski at openjdk.org  Mon Dec  1 14:38:20 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 1 Dec 2025 14:38:20 GMT
Subject: RFR: 8366578: Remove the field tagSize in various
 QuicPacketEncoder.OutgoingQuicPacket subclasses
Message-ID: <UeI2VpUO15EBFrtJH2kHXoIBIwC4ITAZITuUf-v-VGs=.8fe5da56-2f13-4711-9473-fe6e9fd10bf3@github.com>

Remove unused tagSize fields. Testing clean.

-------------

Commit messages:
 - remove unused tagSize fields

Changes: https://git.openjdk.org/jdk/pull/28578/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28578&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8366578
  Stats: 8 lines in 1 file changed: 0 ins; 8 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28578.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28578/head:pull/28578

PR: https://git.openjdk.org/jdk/pull/28578

From jpai at openjdk.org  Mon Dec  1 14:49:35 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 1 Dec 2025 14:49:35 GMT
Subject: RFR: 8366578: Remove the field tagSize in various
 QuicPacketEncoder.OutgoingQuicPacket subclasses
In-Reply-To: <UeI2VpUO15EBFrtJH2kHXoIBIwC4ITAZITuUf-v-VGs=.8fe5da56-2f13-4711-9473-fe6e9fd10bf3@github.com>
References: <UeI2VpUO15EBFrtJH2kHXoIBIwC4ITAZITuUf-v-VGs=.8fe5da56-2f13-4711-9473-fe6e9fd10bf3@github.com>
Message-ID: <Yc78djkRCURCOz6VKGI9dt9w1P2O20mm11OmVg6rKxc=.e26bf263-1cce-46db-b0f0-50abe721d872@github.com>

On Mon, 1 Dec 2025 14:19:39 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> Remove unused tagSize fields. Testing clean.

Looks good and trivial to me.

-------------

Marked as reviewed by jpai (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28578#pullrequestreview-3525372413

From dfuchs at openjdk.org  Mon Dec  1 15:20:36 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 1 Dec 2025 15:20:36 GMT
Subject: RFR: 8366578: Remove the field tagSize in various
 QuicPacketEncoder.OutgoingQuicPacket subclasses
In-Reply-To: <UeI2VpUO15EBFrtJH2kHXoIBIwC4ITAZITuUf-v-VGs=.8fe5da56-2f13-4711-9473-fe6e9fd10bf3@github.com>
References: <UeI2VpUO15EBFrtJH2kHXoIBIwC4ITAZITuUf-v-VGs=.8fe5da56-2f13-4711-9473-fe6e9fd10bf3@github.com>
Message-ID: <ISFJXFyAEqPQHyjIrEFg8OJEaeEmZwMmNcyTq8cSXk8=.6b0f6b3d-bfdf-41fb-a677-3045352cc369@github.com>

On Mon, 1 Dec 2025 14:19:39 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> Remove unused tagSize fields. Testing clean.

Marked as reviewed by dfuchs (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28578#pullrequestreview-3525551935

From djelinski at openjdk.org  Mon Dec  1 17:10:51 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 1 Dec 2025 17:10:51 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <PTlRzYZLDP-z97hrOWr9C3CQt0TOkr9MSwQ2sOeu3ZE=.cdd8fddd-5659-4fc9-8418-2b5042bd6935@github.com>

On Mon, 1 Dec 2025 14:12:04 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocker other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> This mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44...

LGTM. Thanks!

-------------

Marked as reviewed by djelinski (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28577#pullrequestreview-3526098687

From dfuchs at openjdk.org  Mon Dec  1 17:19:31 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 1 Dec 2025 17:19:31 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <7AkGXks9t4bapk0cGxAcBvIYE5wN6ChDCDoG-gvOBGI=.0aee1a66-4ba2-4dcb-b22a-2b699b1544bd@github.com>

On Mon, 1 Dec 2025 14:12:04 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocker other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> This mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44...

Please make sure to run tier2 before integrating.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3597828383

From schernyshev at openjdk.org  Mon Dec  1 17:47:46 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Mon, 1 Dec 2025 17:47:46 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <PTlRzYZLDP-z97hrOWr9C3CQt0TOkr9MSwQ2sOeu3ZE=.cdd8fddd-5659-4fc9-8418-2b5042bd6935@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <PTlRzYZLDP-z97hrOWr9C3CQt0TOkr9MSwQ2sOeu3ZE=.cdd8fddd-5659-4fc9-8418-2b5042bd6935@github.com>
Message-ID: <zfrU4B35UNYr5y5Y7x-f2xe_oib6LnvUa1PxWP9l6Os=.e6b56ebc-aa81-4f00-9fbb-494b18336cc6@github.com>

On Mon, 1 Dec 2025 17:08:26 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> LGTM. Thanks!

@djelinski Thank you for review!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3597970287

From schernyshev at openjdk.org  Mon Dec  1 17:47:48 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Mon, 1 Dec 2025 17:47:48 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <7AkGXks9t4bapk0cGxAcBvIYE5wN6ChDCDoG-gvOBGI=.0aee1a66-4ba2-4dcb-b22a-2b699b1544bd@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <7AkGXks9t4bapk0cGxAcBvIYE5wN6ChDCDoG-gvOBGI=.0aee1a66-4ba2-4dcb-b22a-2b699b1544bd@github.com>
Message-ID: <YEiILQtz1CENn5uWIL0irhgQezospPnTPTB6IILMt6w=.01271876-9e28-4a10-883c-c41fc1ee521a@github.com>

On Mon, 1 Dec 2025 17:16:07 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> Please make sure to run tier2 before integrating.

@dfuch Thanks Daniel. The new test is in tier2, so far it passes in macOS and Linux. Windows takes more time with tier2...

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3597983722

From djelinski at openjdk.org  Mon Dec  1 17:57:58 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 1 Dec 2025 17:57:58 GMT
Subject: RFR: 8368093: Remove Stream::createPseudoHeaders
Message-ID: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>

The method was copied to Utils, and all uses were updated. Remove the method now.

The methods are still [identical](https://github.com/openjdk/jdk/blob/6cb1c8f9cfcb797af788ca8fb490f388cc68f525/src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java#L1326-L1354). Tests continue to pass.

-------------

Commit messages:
 - Remove Stream::createPseudoHeaders

Changes: https://git.openjdk.org/jdk/pull/28583/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28583&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8368093
  Stats: 31 lines in 1 file changed: 0 ins; 31 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28583.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28583/head:pull/28583

PR: https://git.openjdk.org/jdk/pull/28583

From mcimadamore at openjdk.org  Mon Dec  1 18:26:47 2025
From: mcimadamore at openjdk.org (Maurizio Cimadamore)
Date: Mon, 1 Dec 2025 18:26:47 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
Message-ID: <AvxdZJlyuZUh8a7q1xCN6DSQExHyS9m9CLTtgc9c1Bg=.06ff7be3-d968-4b79-8e1c-ccbce6ac0acd@github.com>

On Mon, 1 Dec 2025 11:59:38 GMT, Stuart Monteith <smonteith at openjdk.org> wrote:

> MemorySegments allocated from shared Arena from
> java.lang.foreign.Arena.ofShared() have their lifecycle controlled by jdk.internal.foreign.SharedSession. This class ensures that the MemorySegments can't be freed until after a thread has called Arena.close(). This is implemented using a counter that is atomically incremented when used, and decremented when not used, on every invocation of a downcall. While shared Arenas allow any thread to use it and to close it, this tracking has a cost when multiple threads are contended on it. This patch changes the implementation to use multiple counters to reduce contention. sun.nio.ch.IOUtil, java.nio.Buffer and sun.nio.ch.SimpleAsynchronousFileChannelImpl are modified as they have threads releasing the scope different from the ones that allocated them, so a ticket that tracks the counter has to be passed over.
> 
> The microbenchmark org.openjdk.bench.java.lang.foreign. CallOverheadConstant.panama_identity_memory_address_shared_3 was used to generate the following results. The scalability was checked on a number of platforms with the JMH parameter "-t" specifying the number of threads. Measurements are in ns/op .
> 
> The hardware are the Neoverse-N1, N2, V1 and V2, Intel Xeon 8375c and the AMD Epyc 9654.
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    30.88   |   32.15  |    33.54  |    32.82  |    27.46  |     8.45 |
> |   2    | 142.56    | 134.48  |   132.01 |    131.50 |    116.68   |   46.53 |
> |  4    |  310.18   |  282.75  |   287.59  |   271.82  |   251.88   |   86.11 |
> |  8    |  702.02   |  710.29  |   736.72  |   670.63  |   533.46   |  194.60 |
> |   16  |  1,436.17 |  1,684.80 |  1,833.69 |  1,782.78 |  1,100.15 |    827.28 |
> |  24  | 2,185.55 |  2,508.86 |  2,732.22 |  2,815.26 |  1,646.09 |  1,530.28  |
> |   32  | 2,942.48 |  3,432.84 |  3,643.64 |  3,782.23 |  2,236.81 |  2,278.52 |
> |   48  | 4,466.56 |  5,174.72 |  5,401.95 |  5,621.41 |  4,926.30  | 3,026.58 |
> 
> After:
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    32.41  |    32.11  |    34.43  |  31.32  |    27.94  |     9.82 |
> |    2  |    32.64  |    33.72  |    35.11  |  31.30  |    28.02  |     9.81 |
> |    4  |    32.71  |    36.84  |    34.67  |  31.35  |   28.12   |   10.49 |
> |    8  |    58.22  |    31.60  |    36.87  |  31.72  |    47.09  |...

Thanks for working on this problem.

At the high level I understand your goal here. It is a bit unfortunate that we have to change the API for acquire/release which cascades in many smaller (but simple) changes throughout the JDK. But let's set that aside.

The main (and more serious) issue with this PR is the decoupling of the liveness bit from the ref counting part. This is something that will require some time to work through to ensure correctness is preserved in all cases.

More generally, it is generally advisable for such deep changes to perhaps reach out to panama-dev mailing list first, and maybe have a discussion/reach some consensus there, before moving ahead with a PR.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28575#issuecomment-3598181959

From smonteith at openjdk.org  Mon Dec  1 19:06:46 2025
From: smonteith at openjdk.org (Stuart Monteith)
Date: Mon, 1 Dec 2025 19:06:46 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <AvxdZJlyuZUh8a7q1xCN6DSQExHyS9m9CLTtgc9c1Bg=.06ff7be3-d968-4b79-8e1c-ccbce6ac0acd@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
 <AvxdZJlyuZUh8a7q1xCN6DSQExHyS9m9CLTtgc9c1Bg=.06ff7be3-d968-4b79-8e1c-ccbce6ac0acd@github.com>
Message-ID: <SwHx_atpaJJH61nyPYs6s8B-bAZzdL7IsNoOQRadiGg=.8319a405-d5d8-4240-b90d-3e8b30964053@github.com>

On Mon, 1 Dec 2025 18:24:07 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:

> Thanks for working on this problem.
> 
> At the high level I understand your goal here. It is a bit unfortunate that we have to change the API for acquire/release which cascades in many smaller (but simple) changes throughout the JDK. But let's set that aside.
Yes, that was regrettable.  Originally I retained the "void release0()" that recalculated the "ticket", which resulted in fewer changes. However, it was felt the explicit ticket passing was less likely to introduce errors. 

> 
> The main (and more serious) issue with this PR is the decoupling of the liveness bit from the ref counting part. This is something that will require some time to work through to ensure correctness is preserved in all cases.
> 
Yes, I had been grappling with the  atomicity. The "acquireCount" and "state" are decoupled in the most recent revision of the, so this closing should either fail and not update state, or pass and complete the shutdown. However, the "state" and ScopedAccesses are complex, so I appreciate the scrutiny in that area.

> More generally, it is generally advisable for such deep changes to perhaps reach out to panama-dev mailing list first, and maybe have a discussion/reach some consensus there, before moving ahead with a PR.

That was my mistake - I expected that with the foreign ABI being merged, discussions on internals would have reverted to here.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28575#issuecomment-3598403208

From dfuchs at openjdk.org  Mon Dec  1 20:00:55 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 1 Dec 2025 20:00:55 GMT
Subject: RFR: 8368093: Remove Stream::createPseudoHeaders
In-Reply-To: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
References: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
Message-ID: <3RDuGWdUtwkVA2gNgiS3urlx-kmyBh6F_nb94OfW2Tw=.b51fda84-ac5c-4712-aaff-bcc95dbd5416@github.com>

On Mon, 1 Dec 2025 17:45:53 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> The method was copied to Utils, and all uses were updated. Remove the method now.
> 
> The methods are still [identical](https://github.com/openjdk/jdk/blob/6cb1c8f9cfcb797af788ca8fb490f388cc68f525/src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java#L1326-L1354). Tests continue to pass.

Marked as reviewed by dfuchs (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28583#pullrequestreview-3526724716

From dfuchs at openjdk.org  Mon Dec  1 20:03:48 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 1 Dec 2025 20:03:48 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <x_v3WgjWRTrDeLMVicLTumpe_I0gyHVcOMUZvmh1rRE=.5c74b5d5-6d30-4534-9692-f4bf22f4248d@github.com>

On Mon, 1 Dec 2025 14:12:04 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocker other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

Marked as reviewed by dfuchs (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28577#pullrequestreview-3526733114

From jpai at openjdk.org  Tue Dec  2 06:27:53 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 2 Dec 2025 06:27:53 GMT
Subject: RFR: 8368093: Remove Stream::createPseudoHeaders
In-Reply-To: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
References: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
Message-ID: <Q6MyvpZ_WTEK1tK3hzN8idiYpL2E2iwP3rymsDk6FuU=.0d41d33b-bb16-4432-bd22-9045ddc67a90@github.com>

On Mon, 1 Dec 2025 17:45:53 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> The method was copied to Utils, and all uses were updated. Remove the method now.
> 
> The methods are still [identical](https://github.com/openjdk/jdk/blob/6cb1c8f9cfcb797af788ca8fb490f388cc68f525/src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java#L1326-L1354). Tests continue to pass.

Marked as reviewed by jpai (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28583#pullrequestreview-3528354826

From duke at openjdk.org  Tue Dec  2 08:33:47 2025
From: duke at openjdk.org (duke)
Date: Tue, 2 Dec 2025 08:33:47 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <mlPvhRjZwzG8k4f3rtUUn148GJo1gHNAl2z2t0py04s=.e078ea74-be1a-487c-b331-5bd6c6234ac9@github.com>

On Mon, 1 Dec 2025 14:12:04 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

@sercher 
Your change (at version 7d1a90321450ac9a875ba78c8f261f1729fdd524) is now ready to be sponsored by a Committer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3600827920

From jpai at openjdk.org  Tue Dec  2 09:19:06 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 2 Dec 2025 09:19:06 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <Hm63cKxAO6ZBOq1Eg5xlHJLzAiwFjNg3eGr6OUl_mzU=.6edb21e2-25fb-430e-bdfc-a9d4baa6c0f9@github.com>

On Mon, 1 Dec 2025 14:12:04 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

Hello Sergey, the copyright year on `HttpsClient` will need an update from `2001, 2024,` to `2001, 2025,`

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3601015803

From jpai at openjdk.org  Tue Dec  2 09:32:06 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 2 Dec 2025 09:32:06 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <QX9h5Z2hBg1I6EgYIJO6kfKPPoWt5PQp23eR0w2lbYw=.b46b8106-1ed2-4c4e-a557-3af1e46f62a7@github.com>

On Mon, 1 Dec 2025 14:12:04 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 478:

> 476:                             !IPAddressUtil.isIPv4LiteralAddress(host) &&
> 477:                             !(host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']' &&
> 478:                                 IPAddressUtil.isIPv6LiteralAddress(host.substring(1, host.length() - 1))

The `host` value here comes from `URL.getHost()` which specifies that it returns an IPv6 address enclosed in `[]`brackets. So what you have here looks fine to me.

One additional thing I would suggest is to make this `protected String host` field of this class `final`. It currently gets assigned in the constructor of the `HttpClient` and `HttpsClient` and making this `final` would give an extra assurance that its value will always be coming from `URL.getHost()` call. 

These 2 `sun.net.www.http.HttpClient` and `HttpsClient` classes are internal to the JDK, so changing this protected field to final shouldn't cause any issues for application code.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580356484

From jpai at openjdk.org  Tue Dec  2 09:49:51 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 2 Dec 2025 09:49:51 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>

On Mon, 1 Dec 2025 14:12:04 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 28:

> 26:  * @bug 8369950
> 27:  * @library /test/lib
> 28:  * @summary TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException

Nit - as per the jtreg tag order recommendation, the `@summary` should come before the `@library` https://openjdk.org/jtreg/tag-spec.html#ORDER

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 71:

> 69:      * currently 3 minutes by default, but you might try to be
> 70:      * smart about it....
> 71:      */

I am not too familiar with these style of tests, but it looks like there are several similar ones in the `javax/net/ssl` area. Would you know if these comments are still accurate and up to date? In other words, do we need these comments in this test?

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 97:

> 95:         bw.write("HTTP/1.1 200 OK\r\n\r\n\r\n");
> 96:         bw.flush();
> 97:         Thread.sleep(5000);

Is the sleep() necessary for this test?

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 165:

> 163:      */
> 164:     SubjectAltNameIPv6() throws Exception {
> 165:         if (separateServerThread) {

Are these if/else blocks needed or could we simplify the test to just expect the server and client to run as separate threads?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580413566
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580386092
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580387059
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580393762

From jpai at openjdk.org  Tue Dec  2 09:49:52 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 2 Dec 2025 09:49:52 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
Message-ID: <y8TpJOSbXJ8y1UPcBl3KdB9PhYt-5Q0IJyeQ3uWlNiI=.4706926b-95dd-47ed-8add-50e2044fc577@github.com>

On Tue, 2 Dec 2025 09:45:11 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 28:
> 
>> 26:  * @bug 8369950
>> 27:  * @library /test/lib
>> 28:  * @summary TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException
> 
> Nit - as per the jtreg tag order recommendation, the `@summary` should come before the `@library` https://openjdk.org/jtreg/tag-spec.html#ORDER

Also, this test doesn't exercise the BouncyCastle provider. Would it be better to change this line to say:


@summary Test that the HttpsURLConnection does not set IPv6 address literals for SNI hostname during TLS handshake

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580420910

From djelinski at openjdk.org  Tue Dec  2 09:49:55 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 2 Dec 2025 09:49:55 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
Message-ID: <K9Zu6z_fguF3Av8rY7-90ovsddh6AcKRyHYTM0tZ83A=.ed0806c5-a03f-4a5e-ae21-6cd792d21b1b@github.com>

On Tue, 2 Dec 2025 09:37:05 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 71:
> 
>> 69:      * currently 3 minutes by default, but you might try to be
>> 70:      * smart about it....
>> 71:      */
> 
> I am not too familiar with these style of tests, but it looks like there are several similar ones in the `javax/net/ssl` area. Would you know if these comments are still accurate and up to date? In other words, do we need these comments in this test?

Let's clean this up in a follow-up PR. There's 60+ files with the same comment.

> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 97:
> 
>> 95:         bw.write("HTTP/1.1 200 OK\r\n\r\n\r\n");
>> 96:         bw.flush();
>> 97:         Thread.sleep(5000);
> 
> Is the sleep() necessary for this test?

Again, copy/paste. Deserves a separate PR to clean up.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580403353
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580408136

From jpai at openjdk.org  Tue Dec  2 09:54:46 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 2 Dec 2025 09:54:46 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <K9Zu6z_fguF3Av8rY7-90ovsddh6AcKRyHYTM0tZ83A=.ed0806c5-a03f-4a5e-ae21-6cd792d21b1b@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
 <K9Zu6z_fguF3Av8rY7-90ovsddh6AcKRyHYTM0tZ83A=.ed0806c5-a03f-4a5e-ae21-6cd792d21b1b@github.com>
Message-ID: <OOGDP_g6tQEhmvVmgFbsZWOVUewYY2SfL80dhiZGjUU=.f1d7e848-ec53-4d5f-830d-b696cf64c362@github.com>

On Tue, 2 Dec 2025 09:42:19 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 71:
>> 
>>> 69:      * currently 3 minutes by default, but you might try to be
>>> 70:      * smart about it....
>>> 71:      */
>> 
>> I am not too familiar with these style of tests, but it looks like there are several similar ones in the `javax/net/ssl` area. Would you know if these comments are still accurate and up to date? In other words, do we need these comments in this test?
>
> Let's clean this up in a follow-up PR. There's 60+ files with the same comment.

Yes, doing this as a separate PR is fine with me.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580437023

From jpai at openjdk.org  Tue Dec  2 09:58:19 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 2 Dec 2025 09:58:19 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
Message-ID: <nW4B9BxVz4aA1_IwM4kpbxIywTmGbWaTeJ3bV7IVEu8=.4c1c930f-e1c1-4ae7-961b-b91ea0eefcc2@github.com>

On Tue, 2 Dec 2025 09:39:24 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 165:
> 
>> 163:      */
>> 164:     SubjectAltNameIPv6() throws Exception {
>> 165:         if (separateServerThread) {
> 
> Are these if/else blocks needed or could we simplify the test to just expect the server and client to run as separate threads?

I spoke to Daniel and I agree with him that it's OK to leave this in current form and if needed clean up as a follow up when doing the same for the rest of these tests.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580451134

From vyazici at openjdk.org  Tue Dec  2 10:06:37 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Tue, 2 Dec 2025 10:06:37 GMT
Subject: RFR: 8368093: Remove Stream::createPseudoHeaders
In-Reply-To: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
References: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
Message-ID: <OZu8vfroOFmV8pZmSTAU-GlQV9pgi_ZuPVaGxqXQXxk=.01f44a9b-ce22-43ee-af48-3f1d3317236e@github.com>

On Mon, 1 Dec 2025 17:45:53 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> The method was copied to Utils, and all uses were updated. Remove the method now.
> 
> The methods are still [identical](https://github.com/openjdk/jdk/blob/6cb1c8f9cfcb797af788ca8fb490f388cc68f525/src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java#L1326-L1354). Tests continue to pass.

Marked as reviewed by vyazici (Committer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28583#pullrequestreview-3529260303

From schernyshev at openjdk.org  Tue Dec  2 10:27:05 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 10:27:05 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <Hm63cKxAO6ZBOq1Eg5xlHJLzAiwFjNg3eGr6OUl_mzU=.6edb21e2-25fb-430e-bdfc-a9d4baa6c0f9@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Hm63cKxAO6ZBOq1Eg5xlHJLzAiwFjNg3eGr6OUl_mzU=.6edb21e2-25fb-430e-bdfc-a9d4baa6c0f9@github.com>
Message-ID: <hnJujIp-Kky0aFfphXeJ6acOxydCP8_msuV1exVZz8s=.4e620125-cc7b-41f6-9781-fe4b5183d284@github.com>

On Tue, 2 Dec 2025 09:16:48 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

> Hello Sergey, the copyright year on `HttpsClient` will need an update from `2001, 2024,` to `2001, 2025,`

Thanks @jaikiran. That's correct. I will update the headers.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3601305090

From djelinski at openjdk.org  Tue Dec  2 12:18:04 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 2 Dec 2025 12:18:04 GMT
Subject: RFR: 8366578: Remove the field tagSize in various
 QuicPacketEncoder.OutgoingQuicPacket subclasses
In-Reply-To: <UeI2VpUO15EBFrtJH2kHXoIBIwC4ITAZITuUf-v-VGs=.8fe5da56-2f13-4711-9473-fe6e9fd10bf3@github.com>
References: <UeI2VpUO15EBFrtJH2kHXoIBIwC4ITAZITuUf-v-VGs=.8fe5da56-2f13-4711-9473-fe6e9fd10bf3@github.com>
Message-ID: <xUQ7XMc6upuvLxTr1dHGc6wuZZl02zLAn1WDLCEOZ7c=.561a6b71-4c04-4b72-ac73-684a09fec034@github.com>

On Mon, 1 Dec 2025 14:19:39 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> Remove unused tagSize fields. Testing clean.

Thanks for the reviews!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28578#issuecomment-3601720908

From djelinski at openjdk.org  Tue Dec  2 12:18:04 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 2 Dec 2025 12:18:04 GMT
Subject: Integrated: 8366578: Remove the field tagSize in various
 QuicPacketEncoder.OutgoingQuicPacket subclasses
In-Reply-To: <UeI2VpUO15EBFrtJH2kHXoIBIwC4ITAZITuUf-v-VGs=.8fe5da56-2f13-4711-9473-fe6e9fd10bf3@github.com>
References: <UeI2VpUO15EBFrtJH2kHXoIBIwC4ITAZITuUf-v-VGs=.8fe5da56-2f13-4711-9473-fe6e9fd10bf3@github.com>
Message-ID: <UpGUr8hgQEwhS5p_17oxxXyTYZyA52O8TDgeWzT1pok=.d6e64513-bc3c-43a4-8478-07934a05e61d@github.com>

On Mon, 1 Dec 2025 14:19:39 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> Remove unused tagSize fields. Testing clean.

This pull request has now been integrated.

Changeset: 13e062e7
Author:    Daniel Jeli?ski <djelinski at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/13e062e7a36cf9880416a4e867de13778c6bed2b
Stats:     8 lines in 1 file changed: 0 ins; 8 del; 0 mod

8366578: Remove the field tagSize in various QuicPacketEncoder.OutgoingQuicPacket subclasses

Reviewed-by: jpai, dfuchs

-------------

PR: https://git.openjdk.org/jdk/pull/28578

From djelinski at openjdk.org  Tue Dec  2 12:19:03 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 2 Dec 2025 12:19:03 GMT
Subject: RFR: 8368093: Remove Stream::createPseudoHeaders
In-Reply-To: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
References: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
Message-ID: <ItR4uaqg0JTxgUuXQPhJWEt4YbffI8WNIY_g3LBVWA0=.aaef46f6-e451-4865-9dbd-cea44b3df3a8@github.com>

On Mon, 1 Dec 2025 17:45:53 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> The method was copied to Utils, and all uses were updated. Remove the method now.
> 
> The methods are still [identical](https://github.com/openjdk/jdk/blob/6cb1c8f9cfcb797af788ca8fb490f388cc68f525/src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java#L1326-L1354). Tests continue to pass.

Thanks for the reviews!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28583#issuecomment-3601722171

From djelinski at openjdk.org  Tue Dec  2 12:19:05 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 2 Dec 2025 12:19:05 GMT
Subject: Integrated: 8368093: Remove Stream::createPseudoHeaders
In-Reply-To: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
References: <ZWeVHXcGFMYg-tjemOZVbitZPXU3cRWKagHBwoEVdw0=.5c71a379-ef1f-4876-a5ba-a3264619719a@github.com>
Message-ID: <YCLZ9lUob95-A094HSA_ES9-e8AKmOuplI7U6RvPVw0=.5839230d-e162-4a90-9ee1-f265b900abcd@github.com>

On Mon, 1 Dec 2025 17:45:53 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> The method was copied to Utils, and all uses were updated. Remove the method now.
> 
> The methods are still [identical](https://github.com/openjdk/jdk/blob/6cb1c8f9cfcb797af788ca8fb490f388cc68f525/src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java#L1326-L1354). Tests continue to pass.

This pull request has now been integrated.

Changeset: 5cba2c84
Author:    Daniel Jeli?ski <djelinski at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/5cba2c8461005f2f7bcafdce622126a113f4bbd4
Stats:     31 lines in 1 file changed: 0 ins; 31 del; 0 mod

8368093: Remove Stream::createPseudoHeaders

Reviewed-by: dfuchs, jpai, vyazici

-------------

PR: https://git.openjdk.org/jdk/pull/28583

From schernyshev at openjdk.org  Tue Dec  2 14:29:34 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 14:29:34 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:

 - addressed more review comments
 - addressed review comments

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28577/files
  - new: https://git.openjdk.org/jdk/pull/28577/files/7d1a9032..c388c253

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=00-01

  Stats: 113 lines in 2 files changed: 17 ins; 69 del; 27 mod
  Patch: https://git.openjdk.org/jdk/pull/28577.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28577/head:pull/28577

PR: https://git.openjdk.org/jdk/pull/28577

From dfuchs at openjdk.org  Tue Dec  2 14:29:36 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 2 Dec 2025 14:29:36 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <SrHKEuWn5olIN4mv7WqvmlPoX2xntwuLPadNteXa4Gk=.08751532-3d10-4eec-a3c9-9827dd1960cc@github.com>

On Mon, 1 Dec 2025 14:12:04 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

> @[sercher](https://github.com/sercher) sercher marked this pull request as draft [2 hours ago](https://github.com/openjdk/jdk/pull/28577#event-21302029904)

@sercher did you intend to put this PR back into DRAFT?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3601855196

From schernyshev at openjdk.org  Tue Dec  2 14:29:37 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 14:29:37 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException
In-Reply-To: <hnJujIp-Kky0aFfphXeJ6acOxydCP8_msuV1exVZz8s=.4e620125-cc7b-41f6-9781-fe4b5183d284@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Hm63cKxAO6ZBOq1Eg5xlHJLzAiwFjNg3eGr6OUl_mzU=.6edb21e2-25fb-430e-bdfc-a9d4baa6c0f9@github.com>
 <hnJujIp-Kky0aFfphXeJ6acOxydCP8_msuV1exVZz8s=.4e620125-cc7b-41f6-9781-fe4b5183d284@github.com>
Message-ID: <RFkoMoOj6XPxDCUrIdOejsbCFUfVEgBpV_2KmqC9DcI=.89479bf0-856b-4ddf-b8f6-1db60ba4ac8a@github.com>

On Tue, 2 Dec 2025 10:23:53 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hello Sergey, the copyright year on `HttpsClient` will need an update from `2001, 2024,` to `2001, 2025,`
>
>> Hello Sergey, the copyright year on `HttpsClient` will need an update from `2001, 2024,` to `2001, 2025,`
> 
> Thanks @jaikiran. That's correct. I will update the headers.

> @sercher did you intend to put this PR back into DRAFT?

it had already the "sponsor" label when more reviews came. I changed to draft intentionally so no one would sponsor by mistake.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3602161053

From vyazici at openjdk.org  Tue Dec  2 14:29:41 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Tue, 2 Dec 2025 14:29:41 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
Message-ID: <PoeBw3wuGY9DfpYrIinzpo9-OPvv3KkSqi8iMl9c5nM=.8c999e41-2ae8-4e1d-9663-1e9d869875bc@github.com>

On Tue, 2 Dec 2025 14:25:36 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - addressed more review comments
>  - addressed review comments

src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 1:

> 1: /*

Copyright year needs a bump.

src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 476:

> 474:                     // host has been set previously for SSLSocketImpl
> 475:                     if (!(s instanceof SSLSocketImpl) &&
> 476:                             !IPAddressUtil.isIPv4LiteralAddress(host) &&

This introduces a new behavior for both IPv4 and IPv6, yet we only verify the IPv6 behavior. Shouldn't we also verify that when the provided host is an IPv4 literal, `setServerNames()` is left untouched?

src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 478:

> 476:                             !IPAddressUtil.isIPv4LiteralAddress(host) &&
> 477:                             !(host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']' &&
> 478:                                 IPAddressUtil.isIPv6LiteralAddress(host.substring(1, host.length() - 1))

There is one more place in `sun.net.www`, which is in this very class, that


(host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']') { return host.substring(1, host.length() - 1)


logic is practiced. Would it make sense to refactor this into a `private static Optional<String> ipv6FromHost(String host)` method, preferably with some short explanation in the method's Javadoc on why we do this?

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 1:

> 1: /*

FWIW, _without_ the proposed `HttpsClient` changes, I can reproduce


java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
	at java.base/java.net.IDN.toASCIIInternal(IDN.java:310)
	at java.base/java.net.IDN.toASCII(IDN.java:139)
	at java.base/javax.net.ssl.SNIHostName.<init>(SNIHostName.java:114)
	at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:475)


using this test against `master` (i.e., 7278d2e8e58). Put another way, AFAICT, fix and test is legit.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580621834
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580726453
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580631079
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580718016

From schernyshev at openjdk.org  Tue Dec  2 14:29:43 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 14:29:43 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <PoeBw3wuGY9DfpYrIinzpo9-OPvv3KkSqi8iMl9c5nM=.8c999e41-2ae8-4e1d-9663-1e9d869875bc@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <PoeBw3wuGY9DfpYrIinzpo9-OPvv3KkSqi8iMl9c5nM=.8c999e41-2ae8-4e1d-9663-1e9d869875bc@github.com>
Message-ID: <IHcL_eqNIg2ldJ3DvM1CqFcCgJHscX9C0MMreyo4XMc=.8bebe0db-6c3a-4d8c-96df-a33808aa680c@github.com>

On Tue, 2 Dec 2025 11:14:19 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - addressed more review comments
>>  - addressed review comments
>
> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 476:
> 
>> 474:                     // host has been set previously for SSLSocketImpl
>> 475:                     if (!(s instanceof SSLSocketImpl) &&
>> 476:                             !IPAddressUtil.isIPv4LiteralAddress(host) &&
> 
> This introduces a new behavior for both IPv4 and IPv6, yet we only verify the IPv6 behavior. Shouldn't we also verify that when the provided host is an IPv4 literal, `setServerNames()` is left untouched?

@vy The test excercises the same code path as in the BCJSSE case, that throws an exception on non-LDH symbols. Segments of IPv4 literal adresses are all LDH, so they do not trigger any exception. Adding an IPAddressUtil.isIPv4LiteralAddress() check in the above condition is purely to mirror SSLSocketImpl behavior, as I thought initially.

On the other hand, should we then add a negative test with a certificate that doesn't have a SAN extension (or the 127.0.0.1 ipv4 address in it), that should fail in the HostnameVerifier when the 'https://127.0.0.1' is requested?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580917249

From schernyshev at openjdk.org  Tue Dec  2 14:29:44 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 14:29:44 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <IHcL_eqNIg2ldJ3DvM1CqFcCgJHscX9C0MMreyo4XMc=.8bebe0db-6c3a-4d8c-96df-a33808aa680c@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <PoeBw3wuGY9DfpYrIinzpo9-OPvv3KkSqi8iMl9c5nM=.8c999e41-2ae8-4e1d-9663-1e9d869875bc@github.com>
 <IHcL_eqNIg2ldJ3DvM1CqFcCgJHscX9C0MMreyo4XMc=.8bebe0db-6c3a-4d8c-96df-a33808aa680c@github.com>
Message-ID: <5Xi3KzSpKO5zUPBdESbgG7zc7JQmTjwjWgyVxiqN3Ic=.2464c8db-275e-43b7-9893-4c7cefac9f0e@github.com>

On Tue, 2 Dec 2025 12:15:36 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 476:
>> 
>>> 474:                     // host has been set previously for SSLSocketImpl
>>> 475:                     if (!(s instanceof SSLSocketImpl) &&
>>> 476:                             !IPAddressUtil.isIPv4LiteralAddress(host) &&
>> 
>> This introduces a new behavior for both IPv4 and IPv6, yet we only verify the IPv6 behavior. Shouldn't we also verify that when the provided host is an IPv4 literal, `setServerNames()` is left untouched?
>
> @vy The test excercises the same code path as in the BCJSSE case, that throws an exception on non-LDH symbols. Segments of IPv4 literal adresses are all LDH, so they do not trigger any exception. Adding an IPAddressUtil.isIPv4LiteralAddress() check in the above condition is purely to mirror SSLSocketImpl behavior, as I thought initially.
> 
> On the other hand, should we then add a negative test with a certificate that doesn't have a SAN extension (or the 127.0.0.1 ipv4 address in it), that should fail in the HostnameVerifier when the 'https://127.0.0.1' is requested?

@djelinski would you think such a negative test is needed here?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581325563

From schernyshev at openjdk.org  Tue Dec  2 14:29:45 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 14:29:45 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <QX9h5Z2hBg1I6EgYIJO6kfKPPoWt5PQp23eR0w2lbYw=.b46b8106-1ed2-4c4e-a557-3af1e46f62a7@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <QX9h5Z2hBg1I6EgYIJO6kfKPPoWt5PQp23eR0w2lbYw=.b46b8106-1ed2-4c4e-a557-3af1e46f62a7@github.com>
Message-ID: <UMw_gK9uCzSqvJl5T84kyeejJPvgwld2E72Np97Jr5U=.c8805aa4-49cf-4730-aaf9-aea11d7db231@github.com>

On Tue, 2 Dec 2025 09:29:01 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - addressed more review comments
>>  - addressed review comments
>
> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 478:
> 
>> 476:                             !IPAddressUtil.isIPv4LiteralAddress(host) &&
>> 477:                             !(host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']' &&
>> 478:                                 IPAddressUtil.isIPv6LiteralAddress(host.substring(1, host.length() - 1))
> 
> The `host` value here comes from `URL.getHost()` which specifies that it returns an IPv6 address enclosed in `[]`brackets. So what you have here looks fine to me.
> 
> One additional thing I would suggest is to make this `protected String host` field of this class `final`. It currently gets assigned in the constructor of the `HttpClient` and `HttpsClient` and making this `final` would give an extra assurance that its value will always be coming from `URL.getHost()` call. 
> 
> These 2 `sun.net.www.http.HttpClient` and `HttpsClient` classes are internal to the JDK, so changing this protected field to final shouldn't cause any issues for application code.

@jaikiran I think this deserves a separate issue. I could file a bug for this.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580621085

From jpai at openjdk.org  Tue Dec  2 14:29:46 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 2 Dec 2025 14:29:46 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <UMw_gK9uCzSqvJl5T84kyeejJPvgwld2E72Np97Jr5U=.c8805aa4-49cf-4730-aaf9-aea11d7db231@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <QX9h5Z2hBg1I6EgYIJO6kfKPPoWt5PQp23eR0w2lbYw=.b46b8106-1ed2-4c4e-a557-3af1e46f62a7@github.com>
 <UMw_gK9uCzSqvJl5T84kyeejJPvgwld2E72Np97Jr5U=.c8805aa4-49cf-4730-aaf9-aea11d7db231@github.com>
Message-ID: <kumB899N_b-QKm0uXQatTU9gsSxpG5Vuty6FhkBP51c=.e7b5bac2-e72d-4d88-bedf-f282375ba77f@github.com>

On Tue, 2 Dec 2025 10:42:02 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 478:
>> 
>>> 476:                             !IPAddressUtil.isIPv4LiteralAddress(host) &&
>>> 477:                             !(host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']' &&
>>> 478:                                 IPAddressUtil.isIPv6LiteralAddress(host.substring(1, host.length() - 1))
>> 
>> The `host` value here comes from `URL.getHost()` which specifies that it returns an IPv6 address enclosed in `[]`brackets. So what you have here looks fine to me.
>> 
>> One additional thing I would suggest is to make this `protected String host` field of this class `final`. It currently gets assigned in the constructor of the `HttpClient` and `HttpsClient` and making this `final` would give an extra assurance that its value will always be coming from `URL.getHost()` call. 
>> 
>> These 2 `sun.net.www.http.HttpClient` and `HttpsClient` classes are internal to the JDK, so changing this protected field to final shouldn't cause any issues for application code.
>
> @jaikiran I think this deserves a separate issue. I could file a bug for this.

Yes, it's OK with me if you don't change this field to `final` in this PR.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580627052

From dfuchs at openjdk.org  Tue Dec  2 14:29:48 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 2 Dec 2025 14:29:48 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <PoeBw3wuGY9DfpYrIinzpo9-OPvv3KkSqi8iMl9c5nM=.8c999e41-2ae8-4e1d-9663-1e9d869875bc@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <PoeBw3wuGY9DfpYrIinzpo9-OPvv3KkSqi8iMl9c5nM=.8c999e41-2ae8-4e1d-9663-1e9d869875bc@github.com>
Message-ID: <jvfng6mGYKjiAfjswiHQcrw3CeXT3SRcS5gKs2rguNc=.f4664a69-c9e7-4fbc-9dbb-f2509fd9b3a4@github.com>

On Tue, 2 Dec 2025 10:45:10 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - addressed more review comments
>>  - addressed review comments
>
> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 478:
> 
>> 476:                             !IPAddressUtil.isIPv4LiteralAddress(host) &&
>> 477:                             !(host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']' &&
>> 478:                                 IPAddressUtil.isIPv6LiteralAddress(host.substring(1, host.length() - 1))
> 
> There is one more place in `sun.net.www`, which is in this very class, that
> 
> 
> (host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']') { return host.substring(1, host.length() - 1)
> 
> 
> logic is practiced. Would it make sense to refactor this into a `private static Optional<String> ipv6FromHost(String host)` method, preferably with some short explanation in the method's Javadoc on why we do this?

The same thought occurred to me but I'd rather keep refactoring at a minimum in this PR.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581000260

From schernyshev at openjdk.org  Tue Dec  2 14:29:50 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 14:29:50 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <y8TpJOSbXJ8y1UPcBl3KdB9PhYt-5Q0IJyeQ3uWlNiI=.4706926b-95dd-47ed-8add-50e2044fc577@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
 <y8TpJOSbXJ8y1UPcBl3KdB9PhYt-5Q0IJyeQ3uWlNiI=.4706926b-95dd-47ed-8add-50e2044fc577@github.com>
Message-ID: <DaLoz0ibsmWdTtYZ3mjgPa5ZrmPizpcDCZx59SYZJUM=.609195f5-be03-431a-93b8-580fbf21816d@github.com>

On Tue, 2 Dec 2025 09:47:21 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 28:
>> 
>>> 26:  * @bug 8369950
>>> 27:  * @library /test/lib
>>> 28:  * @summary TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException
>> 
>> Nit - as per the jtreg tag order recommendation, the `@summary` should come before the `@library` https://openjdk.org/jtreg/tag-spec.html#ORDER
>
> Also, this test doesn't exercise the BouncyCastle provider. Would it be better to change this line to say:
> 
> 
> @summary Test that the HttpsURLConnection does not set IPv6 address literals for SNI hostname during TLS handshake

> Nit - as per the jtreg tag order recommendation, the `@summary` should come before the `@library` https://openjdk.org/jtreg/tag-spec.html#ORDER

Thanks @jaikiran , i will update the order and the summary text. The BouncyCastle came here from the title of the issue.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580611708

From myankelevich at openjdk.org  Tue Dec  2 14:29:52 2025
From: myankelevich at openjdk.org (Mikhail Yankelevich)
Date: Tue, 2 Dec 2025 14:29:52 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
Message-ID: <AIB8evccHuhTp--ae15jKVqXV4bgD2oEv2s4OMLb0SQ=.cb6f4983-736c-4c27-9389-4f946b8ce089@github.com>

On Tue, 2 Dec 2025 14:25:36 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - addressed more review comments
>  - addressed review comments

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 32:

> 30:  */
> 31: 
> 32: import javax.net.ssl.*;

nit: wildcard imports

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 50:

> 48:      * Turn on SSL debugging?
> 49:      */
> 50:     static boolean debug = false;

Could you please change this to be a env variable? something like
```java 
     static boolean debug = Boolean.getBoolean("test.debug");

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580968937
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580967566

From schernyshev at openjdk.org  Tue Dec  2 14:29:54 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 14:29:54 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <AIB8evccHuhTp--ae15jKVqXV4bgD2oEv2s4OMLb0SQ=.cb6f4983-736c-4c27-9389-4f946b8ce089@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <AIB8evccHuhTp--ae15jKVqXV4bgD2oEv2s4OMLb0SQ=.cb6f4983-736c-4c27-9389-4f946b8ce089@github.com>
Message-ID: <MZjlrkrWTFrO__VS74DEEQOkDjm09UhV5pyR8bIu1GM=.61e4080e-da46-469f-956b-8888e4dfb206@github.com>

On Tue, 2 Dec 2025 12:30:21 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - addressed more review comments
>>  - addressed review comments
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 32:
> 
>> 30:  */
>> 31: 
>> 32: import javax.net.ssl.*;
> 
> nit: wildcard imports

Thanks @myankelev . Done.

> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 50:
> 
>> 48:      * Turn on SSL debugging?
>> 49:      */
>> 50:     static boolean debug = false;
> 
> Could you please change this to be a env variable? something like
> ```java 
>      static boolean debug = Boolean.getBoolean("test.debug");

Thanks @myankelev . Accepted.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581412259
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581412017

From schernyshev at openjdk.org  Tue Dec  2 14:29:56 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 14:29:56 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <OOGDP_g6tQEhmvVmgFbsZWOVUewYY2SfL80dhiZGjUU=.f1d7e848-ec53-4d5f-830d-b696cf64c362@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
 <K9Zu6z_fguF3Av8rY7-90ovsddh6AcKRyHYTM0tZ83A=.ed0806c5-a03f-4a5e-ae21-6cd792d21b1b@github.com>
 <OOGDP_g6tQEhmvVmgFbsZWOVUewYY2SfL80dhiZGjUU=.f1d7e848-ec53-4d5f-830d-b696cf64c362@github.com>
Message-ID: <IsnONMh6d8jY_KMJE9cbLURgnOgG-J6iZ0Y0I_5sw8E=.12ea55f7-9b31-4f84-be0d-56ea51fad87d@github.com>

On Tue, 2 Dec 2025 09:51:49 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Let's clean this up in a follow-up PR. There's 60+ files with the same comment.
>
> Yes, doing this as a separate PR is fine with me.

@jaikiran Let me clean up the comments that are not anymore accurate in this particular PR. I personally try to avoid this type of changes that only touch the whitespace or comments blocks, including the copyright header ones, because they increase the number of connections between unrelated changes, that makes the fix less portable.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580598800

From jpai at openjdk.org  Tue Dec  2 14:29:57 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 2 Dec 2025 14:29:57 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <IsnONMh6d8jY_KMJE9cbLURgnOgG-J6iZ0Y0I_5sw8E=.12ea55f7-9b31-4f84-be0d-56ea51fad87d@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <qCwCFD5R7mwt6fqGGE7675rtLIovxYYlYt39mqLoEGU=.c1a18849-e30f-4498-9b61-fb03a50a250e@github.com>
 <K9Zu6z_fguF3Av8rY7-90ovsddh6AcKRyHYTM0tZ83A=.ed0806c5-a03f-4a5e-ae21-6cd792d21b1b@github.com>
 <OOGDP_g6tQEhmvVmgFbsZWOVUewYY2SfL80dhiZGjUU=.f1d7e848-ec53-4d5f-830d-b696cf64c362@github.com>
 <IsnONMh6d8jY_KMJE9cbLURgnOgG-J6iZ0Y0I_5sw8E=.12ea55f7-9b31-4f84-be0d-56ea51fad87d@github.com>
Message-ID: <BYMIIoGYGa11w9HlNfmjKvDhRC4V_S4obZSiTjkJr08=.80afeb97-c779-46d1-bac4-c187e61ff43d@github.com>

On Tue, 2 Dec 2025 10:34:57 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Yes, doing this as a separate PR is fine with me.
>
> @jaikiran Let me clean up the comments that are not anymore accurate in this particular PR. I personally try to avoid this type of changes that only touch the whitespace or comments blocks, including the copyright header ones, because they increase the number of connections between unrelated changes, that makes the fix less portable.

@sercher, it's OK if you leave the test in the current form. Just fixing the `@summary` test on the test definition should be enough. I have spoken to others and the agreement is that since we already have similar tests in this area, it probably is a better thing to let this test stay in this manner instead of devicing some new way to test this. Sorry about the previous guidance to update these test comments.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580623450

From djelinski at openjdk.org  Tue Dec  2 14:50:04 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 2 Dec 2025 14:50:04 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <5Xi3KzSpKO5zUPBdESbgG7zc7JQmTjwjWgyVxiqN3Ic=.2464c8db-275e-43b7-9893-4c7cefac9f0e@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <PoeBw3wuGY9DfpYrIinzpo9-OPvv3KkSqi8iMl9c5nM=.8c999e41-2ae8-4e1d-9663-1e9d869875bc@github.com>
 <IHcL_eqNIg2ldJ3DvM1CqFcCgJHscX9C0MMreyo4XMc=.8bebe0db-6c3a-4d8c-96df-a33808aa680c@github.com>
 <5Xi3KzSpKO5zUPBdESbgG7zc7JQmTjwjWgyVxiqN3Ic=.2464c8db-275e-43b7-9893-4c7cefac9f0e@github.com>
Message-ID: <Mjjj0j9tUB5JYow7B2AUTM8bSdxAIRdzakhH0aE-Mjk=.8ae3faba-bbf7-4ee6-8493-df968bcb20a1@github.com>

On Tue, 2 Dec 2025 14:01:20 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> @vy The test excercises the same code path as in the BCJSSE case, that throws an exception on non-LDH symbols. Segments of IPv4 literal adresses are all LDH, so they do not trigger any exception. Adding an IPAddressUtil.isIPv4LiteralAddress() check in the above condition is purely to mirror SSLSocketImpl behavior, as I thought initially.
>> 
>> On the other hand, should we then add a negative test with a certificate that doesn't have a SAN extension (or the 127.0.0.1 ipv4 address in it), that should fail in the HostnameVerifier when the 'https://127.0.0.1' is requested?
>
> @djelinski would you think such a negative test is needed here?

> On the other hand, should we then add a negative test with a certificate that doesn't have a SAN extension (or the 127.0.0.1 ipv4 address in it), that should fail in the HostnameVerifier when the 'https://127.0.0.1/' is requested?

No, such test would fail whether we use setServerNames or not.

I think @vy is asking for a check that the SSLParameters passed to SSLSocket#setSSLParameters have no serverNames configured. That should be reasonably easy to do.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581507151

From myankelevich at openjdk.org  Tue Dec  2 15:05:29 2025
From: myankelevich at openjdk.org (Mikhail Yankelevich)
Date: Tue, 2 Dec 2025 15:05:29 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
Message-ID: <TysOFCScMmUVGHDbWRRPbpCcc8CVGx6SJFfbZDmfC5I=.31e8c597-d7f2-4dc9-ad00-cacbc904bd6d@github.com>

On Tue, 2 Dec 2025 14:29:34 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - addressed more review comments
>  - addressed review comments

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 65:

> 63:      * Turn on SSL debugging?
> 64:      */
> 65:     static boolean debug = Boolean.getBoolean("test.debug");

Actually, do we even need this? Wouldn't it be easier to set `javax.net.debug` in the `@run` call? It's `othervm` already. 
Sorry for confusion, didn't think about it at first

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581583526

From schernyshev at openjdk.org  Tue Dec  2 15:20:02 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 15:20:02 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <TysOFCScMmUVGHDbWRRPbpCcc8CVGx6SJFfbZDmfC5I=.31e8c597-d7f2-4dc9-ad00-cacbc904bd6d@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <TysOFCScMmUVGHDbWRRPbpCcc8CVGx6SJFfbZDmfC5I=.31e8c597-d7f2-4dc9-ad00-cacbc904bd6d@github.com>
Message-ID: <kxQJhHMAHM8yhaQyvVvI9DoE6QOpQprRLesfTjmvLgo=.9fb2216e-15d4-4776-9bb1-66b77ce4fe99@github.com>

On Tue, 2 Dec 2025 15:02:23 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - addressed more review comments
>>  - addressed review comments
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 65:
> 
>> 63:      * Turn on SSL debugging?
>> 64:      */
>> 65:     static boolean debug = Boolean.getBoolean("test.debug");
> 
> Actually, do we even need this? Wouldn't it be easier to set `javax.net.debug` in the `@run` call? It's `othervm` already. 
> Sorry for confusion, didn't think about it at first

@myankelev should I revert the suggested change?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581641252

From myankelevich at openjdk.org  Tue Dec  2 15:25:09 2025
From: myankelevich at openjdk.org (Mikhail Yankelevich)
Date: Tue, 2 Dec 2025 15:25:09 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <kxQJhHMAHM8yhaQyvVvI9DoE6QOpQprRLesfTjmvLgo=.9fb2216e-15d4-4776-9bb1-66b77ce4fe99@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <TysOFCScMmUVGHDbWRRPbpCcc8CVGx6SJFfbZDmfC5I=.31e8c597-d7f2-4dc9-ad00-cacbc904bd6d@github.com>
 <kxQJhHMAHM8yhaQyvVvI9DoE6QOpQprRLesfTjmvLgo=.9fb2216e-15d4-4776-9bb1-66b77ce4fe99@github.com>
Message-ID: <dkgZpBB-_wfd7t0hHa0ezyQknCzpeglf0M3Hv2qp6lc=.bf3a5db9-670c-4704-97c0-fa2b68465daf@github.com>

On Tue, 2 Dec 2025 15:17:21 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 65:
>> 
>>> 63:      * Turn on SSL debugging?
>>> 64:      */
>>> 65:     static boolean debug = Boolean.getBoolean("test.debug");
>> 
>> Actually, do we even need this? Wouldn't it be easier to set `javax.net.debug` in the `@run` call? It's `othervm` already. 
>> Sorry for confusion, didn't think about it at first
>
> @myankelev should I revert the suggested change?

Nope, it's fine as it is now, but if you want you can remove this debug flag completely. It's up to you

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581661759

From dfuchs at openjdk.org  Tue Dec  2 15:30:47 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 2 Dec 2025 15:30:47 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
Message-ID: <ipVCrGYaL_YkL29V1cB1slo-ledZNrQjojT8Z2TeqTw=.4eabc9ee-64de-4ce8-8146-7416df49957f@github.com>

On Tue, 2 Dec 2025 14:29:34 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - addressed more review comments
>  - addressed review comments

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 137:

> 135:         if (debug) {
> 136:             System.setProperty("javax.net.debug", "all");
> 137:         }

If it's the only place where `debug` is used then I believe @myankelev is right and we don't need it.
You can put an `@comment` to remind the reader that they can pass the  `-Djavax.net.debug=all` on the `@run` line.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581674525

From myankelevich at openjdk.org  Tue Dec  2 15:48:08 2025
From: myankelevich at openjdk.org (Mikhail Yankelevich)
Date: Tue, 2 Dec 2025 15:48:08 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
Message-ID: <UkS8dlyxpkyf9UV-LyQMHVhuqmq1cY9lGBDz4tSxVjo=.1cf4a053-7f22-4d72-95cb-a92c346fb928@github.com>

On Tue, 2 Dec 2025 14:29:34 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - addressed more review comments
>  - addressed review comments

Just a few minor comments

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 60:

> 58:      * Is the server ready to serve?
> 59:      */
> 60:     volatile static boolean serverReady = false;

I think this might be better to make this a `CountDownLatch`

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 76:

> 74:         SSLServerSocketFactory sslssf =
> 75:             new SimpleSSLContext().get().getServerSocketFactory();
> 76:         SSLServerSocket sslServerSocket =

Nit: could you please keep the lines under 80 characters long. There are a few instances in this file

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 110:

> 108: 
> 109:         SSLSocketFactory sf = new SimpleSSLContext().get().getSocketFactory();
> 110:         URL url = new URL("https://[::1]:" + serverPort + "/index.html");

Suggestion:

  URL url = 
          new URI("https://[::1]:" + serverPort + "/index.html").toURL();

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 153:

> 151:     SubjectAltNameIPv6() throws Exception {
> 152:         startServer();
> 153:         startClient();

Do you think it might be better to call doClientSide here directly?

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 165:

> 163: 
> 164:     void startServer() throws Exception {
> 165:         serverThread = new Thread() {

Suggestion:

        serverThread = new Thread(() -> {

What do you think?

-------------

PR Review: https://git.openjdk.org/jdk/pull/28577#pullrequestreview-3530780325
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581743338
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581725471
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581716748
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581731969
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581757022

From schernyshev at openjdk.org  Tue Dec  2 16:36:10 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 16:36:10 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <UkS8dlyxpkyf9UV-LyQMHVhuqmq1cY9lGBDz4tSxVjo=.1cf4a053-7f22-4d72-95cb-a92c346fb928@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <UkS8dlyxpkyf9UV-LyQMHVhuqmq1cY9lGBDz4tSxVjo=.1cf4a053-7f22-4d72-95cb-a92c346fb928@github.com>
Message-ID: <OXxA-luSw3edvtSTPZVwAGtCnd-5FtbjjS_L1a9a9sQ=.20867602-6d28-4f0e-98d4-5025205a7009@github.com>

On Tue, 2 Dec 2025 15:36:29 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - addressed more review comments
>>  - addressed review comments
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 76:
> 
>> 74:         SSLServerSocketFactory sslssf =
>> 75:             new SimpleSSLContext().get().getServerSocketFactory();
>> 76:         SSLServerSocket sslServerSocket =
> 
> Nit: could you please keep the lines under 80 characters long. There are a few instances in this file

ok.

> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 153:
> 
>> 151:     SubjectAltNameIPv6() throws Exception {
>> 152:         startServer();
>> 153:         startClient();
> 
> Do you think it might be better to call doClientSide here directly?

ok, accepted.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581969554
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581975687

From schernyshev at openjdk.org  Tue Dec  2 16:50:23 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 16:50:23 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <UkS8dlyxpkyf9UV-LyQMHVhuqmq1cY9lGBDz4tSxVjo=.1cf4a053-7f22-4d72-95cb-a92c346fb928@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <UkS8dlyxpkyf9UV-LyQMHVhuqmq1cY9lGBDz4tSxVjo=.1cf4a053-7f22-4d72-95cb-a92c346fb928@github.com>
Message-ID: <o7nEHyXhWrmACIBu5Q8xAkwQSN55xOJNMzRonRmoyig=.6a2a275f-a7b0-48ac-861a-14df05b686b4@github.com>

On Tue, 2 Dec 2025 15:40:19 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - addressed more review comments
>>  - addressed review comments
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 60:
> 
>> 58:      * Is the server ready to serve?
>> 59:      */
>> 60:     volatile static boolean serverReady = false;
> 
> I think this might be better to make this a `CountDownLatch`

ok, accepted.

> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 110:
> 
>> 108: 
>> 109:         SSLSocketFactory sf = new SimpleSSLContext().get().getSocketFactory();
>> 110:         URL url = new URL("https://[::1]:" + serverPort + "/index.html");
> 
> Suggestion:
> 
>   URL url = 
>           new URI("https://[::1]:" + serverPort + "/index.html").toURL();

I think the block is better readable without it.

> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 165:
> 
>> 163: 
>> 164:     void startServer() throws Exception {
>> 165:         serverThread = new Thread() {
> 
> Suggestion:
> 
>         serverThread = new Thread(() -> {
> 
> What do you think?

This makes sense. I will set the /contributer manually later.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2582027880
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2582024160
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2582019908

From schernyshev at openjdk.org  Tue Dec  2 16:50:25 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 16:50:25 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <dkgZpBB-_wfd7t0hHa0ezyQknCzpeglf0M3Hv2qp6lc=.bf3a5db9-670c-4704-97c0-fa2b68465daf@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <TysOFCScMmUVGHDbWRRPbpCcc8CVGx6SJFfbZDmfC5I=.31e8c597-d7f2-4dc9-ad00-cacbc904bd6d@github.com>
 <kxQJhHMAHM8yhaQyvVvI9DoE6QOpQprRLesfTjmvLgo=.9fb2216e-15d4-4776-9bb1-66b77ce4fe99@github.com>
 <dkgZpBB-_wfd7t0hHa0ezyQknCzpeglf0M3Hv2qp6lc=.bf3a5db9-670c-4704-97c0-fa2b68465daf@github.com>
Message-ID: <xCXQqp_x8lZhr1WxxEOG0ft1UbrMjSDOiBh2aodGVl4=.e52c361b-b5c3-4968-9943-eeecdc024ea1@github.com>

On Tue, 2 Dec 2025 15:22:27 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> @myankelev should I revert the suggested change?
>
> Nope, it's fine as it is now, but if you want you can remove this debug flag completely. It's up to you

Thanks @myankelev , i will update the PR.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2582026811

From myankelevich at openjdk.org  Tue Dec  2 16:54:45 2025
From: myankelevich at openjdk.org (Mikhail Yankelevich)
Date: Tue, 2 Dec 2025 16:54:45 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <o7nEHyXhWrmACIBu5Q8xAkwQSN55xOJNMzRonRmoyig=.6a2a275f-a7b0-48ac-861a-14df05b686b4@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <UkS8dlyxpkyf9UV-LyQMHVhuqmq1cY9lGBDz4tSxVjo=.1cf4a053-7f22-4d72-95cb-a92c346fb928@github.com>
 <o7nEHyXhWrmACIBu5Q8xAkwQSN55xOJNMzRonRmoyig=.6a2a275f-a7b0-48ac-861a-14df05b686b4@github.com>
Message-ID: <F4cXjTbazfQdj36CTwneuYBOfQdaLlU2hmte5axiFMw=.36ceedee-e793-458e-b1fb-f0c7a67ce2e2@github.com>

On Tue, 2 Dec 2025 16:46:29 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 110:
>> 
>>> 108: 
>>> 109:         SSLSocketFactory sf = new SimpleSSLContext().get().getSocketFactory();
>>> 110:         URL url = new URL("https://[::1]:" + serverPort + "/index.html");
>> 
>> Suggestion:
>> 
>>   URL url = 
>>           new URI("https://[::1]:" + serverPort + "/index.html").toURL();
>
> I think the block is better readable without it.

It's deprecated since version 20 I think

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2582045071

From dfuchs at openjdk.org  Tue Dec  2 17:01:09 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 2 Dec 2025 17:01:09 GMT
Subject: RFR: 8372951: The property jdk.httpclient.quic.maxBidiStreams should
 be renamed to jdk.internal
Message-ID: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>

The `jdk.httpclient.quic.maxBidiStreams` is an undocumented system property only used in tests. This property is only useful to control the default HTTP/3 test server implementation. It will never be documented or exposed. It should be clearly labelled as internal.
The HTTP/3 client always provide a value of 0 for the `initial_max_streams_bidi` transport parameter, so the default value that the quic stack uses internally to set the parameter if no value is provided is never used on the client side.

The `H3StreamLimitReachedTest` can be used to verify the change - it won't pass if the property is not correctly configured in the test.

I have also taken this opportunity to add comments to the `H3StreamLimitReachedTest` and the `StreamLimitTest`, to explain the logic of each test.

With this I believe that we can also say that this change will fix [JDK-8365794](https://bugs.openjdk.org/browse/JDK-8365794).

-------------

Commit messages:
 - rename maxBidiStreams property
 - fix CLASS_NAME constant
 - 8365794

Changes: https://git.openjdk.org/jdk/pull/28611/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28611&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8372951
  Stats: 62 lines in 4 files changed: 52 ins; 0 del; 10 mod
  Patch: https://git.openjdk.org/jdk/pull/28611.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28611/head:pull/28611

PR: https://git.openjdk.org/jdk/pull/28611

From schernyshev at openjdk.org  Tue Dec  2 17:14:15 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 17:14:15 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v3]
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <vFHloSQR1-vNkPTFKZN5wingXuhKipcwOITSWBKuL4w=.8ab2d609-d7d2-4bb2-bb4e-6a78bdb3c2a9@github.com>

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:

  addressed even more review comments

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28577/files
  - new: https://git.openjdk.org/jdk/pull/28577/files/c388c253..fdd0133d

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=01-02

  Stats: 60 lines in 1 file changed: 13 ins; 16 del; 31 mod
  Patch: https://git.openjdk.org/jdk/pull/28577.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28577/head:pull/28577

PR: https://git.openjdk.org/jdk/pull/28577

From schernyshev at openjdk.org  Tue Dec  2 17:14:16 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 17:14:16 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v2]
In-Reply-To: <F4cXjTbazfQdj36CTwneuYBOfQdaLlU2hmte5axiFMw=.36ceedee-e793-458e-b1fb-f0c7a67ce2e2@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <UkS8dlyxpkyf9UV-LyQMHVhuqmq1cY9lGBDz4tSxVjo=.1cf4a053-7f22-4d72-95cb-a92c346fb928@github.com>
 <o7nEHyXhWrmACIBu5Q8xAkwQSN55xOJNMzRonRmoyig=.6a2a275f-a7b0-48ac-861a-14df05b686b4@github.com>
 <F4cXjTbazfQdj36CTwneuYBOfQdaLlU2hmte5axiFMw=.36ceedee-e793-458e-b1fb-f0c7a67ce2e2@github.com>
Message-ID: <DilTo34JfquiZ5Hyn7LpHAPpXZqBJf5M1ba8eFDlWGc=.76d16332-7b6a-4827-9e89-74723dbc70f2@github.com>

On Tue, 2 Dec 2025 16:51:45 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> I think the block is better readable without it.
>
> It's deprecated since version 20 I think

Ahh, ok, i read it wrong, apologies. URI is the modern one, exactly.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2582120479

From schernyshev at openjdk.org  Tue Dec  2 17:28:02 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Tue, 2 Dec 2025 17:28:02 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v4]
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <C8Rxgt9PYJ8sGevbN6lpB7TzDr1dBUPJQMvXLm7DhSo=.4b9cf913-6c85-4ebb-a2b4-d3ed953a3aa8@github.com>

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:

  addressed few more review comments

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28577/files
  - new: https://git.openjdk.org/jdk/pull/28577/files/fdd0133d..44ed7ddb

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=02-03

  Stats: 4 lines in 1 file changed: 0 ins; 1 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/28577.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28577/head:pull/28577

PR: https://git.openjdk.org/jdk/pull/28577

From mcimadamore at openjdk.org  Tue Dec  2 17:54:15 2025
From: mcimadamore at openjdk.org (Maurizio Cimadamore)
Date: Tue, 2 Dec 2025 17:54:15 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <SwHx_atpaJJH61nyPYs6s8B-bAZzdL7IsNoOQRadiGg=.8319a405-d5d8-4240-b90d-3e8b30964053@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
 <AvxdZJlyuZUh8a7q1xCN6DSQExHyS9m9CLTtgc9c1Bg=.06ff7be3-d968-4b79-8e1c-ccbce6ac0acd@github.com>
 <SwHx_atpaJJH61nyPYs6s8B-bAZzdL7IsNoOQRadiGg=.8319a405-d5d8-4240-b90d-3e8b30964053@github.com>
Message-ID: <5CMXCgWmWnuATMxROM1zVobe9dv-6FrwCN7hJHfC8dc=.e153adc5-f91f-4fba-9ffe-eced1ab9cac6@github.com>

On Mon, 1 Dec 2025 19:03:50 GMT, Stuart Monteith <smonteith at openjdk.org> wrote:

> That was my mistake - I expected that with the foreign ABI being merged, discussions on internals would have reverted to here.

In general they are -- but I find that one issue with PRs is that they tend to be very code-centric, whereas in some cases it might be useful to discuss design options more abstractly and _then_ converge towards an implementation. And doing design discussions via PR is suboptimal. But, you did right in bringing this up!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28575#issuecomment-3603277207

From myankelevich at openjdk.org  Tue Dec  2 23:30:12 2025
From: myankelevich at openjdk.org (Mikhail Yankelevich)
Date: Tue, 2 Dec 2025 23:30:12 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v4]
In-Reply-To: <C8Rxgt9PYJ8sGevbN6lpB7TzDr1dBUPJQMvXLm7DhSo=.4b9cf913-6c85-4ebb-a2b4-d3ed953a3aa8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <C8Rxgt9PYJ8sGevbN6lpB7TzDr1dBUPJQMvXLm7DhSo=.4b9cf913-6c85-4ebb-a2b4-d3ed953a3aa8@github.com>
Message-ID: <AwwCAuBcRffSeP05mST7W2sCE0vYab3WRU5EV8TSsUg=.9462ba82-1354-4d5d-996a-c57f8c0c1d76@github.com>

On Tue, 2 Dec 2025 17:28:02 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:
> 
>   addressed few more review comments

Marked as reviewed by myankelevich (Committer).

Thanks for considering me as a contributor to this ticket! I really appreciate it. 
I personally feel that my suggestions weren't extensive enough to require adding me as a contributor, so there is need for it unless you think it's appropriate.

Overall the ticket looks good, thank you for your updates!

-------------

PR Review: https://git.openjdk.org/jdk/pull/28577#pullrequestreview-3532544581
PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3604376915

From schernyshev at openjdk.org  Wed Dec  3 00:42:25 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Wed, 3 Dec 2025 00:42:25 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:

  test that ipv4 literals do not propagate to the server names list

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28577/files
  - new: https://git.openjdk.org/jdk/pull/28577/files/44ed7ddb..5c78ce2c

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=04
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=03-04

  Stats: 30 lines in 1 file changed: 21 ins; 0 del; 9 mod
  Patch: https://git.openjdk.org/jdk/pull/28577.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28577/head:pull/28577

PR: https://git.openjdk.org/jdk/pull/28577

From schernyshev at openjdk.org  Wed Dec  3 00:42:27 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Wed, 3 Dec 2025 00:42:27 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v4]
In-Reply-To: <AwwCAuBcRffSeP05mST7W2sCE0vYab3WRU5EV8TSsUg=.9462ba82-1354-4d5d-996a-c57f8c0c1d76@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <C8Rxgt9PYJ8sGevbN6lpB7TzDr1dBUPJQMvXLm7DhSo=.4b9cf913-6c85-4ebb-a2b4-d3ed953a3aa8@github.com>
 <AwwCAuBcRffSeP05mST7W2sCE0vYab3WRU5EV8TSsUg=.9462ba82-1354-4d5d-996a-c57f8c0c1d76@github.com>
Message-ID: <LZwm4UozFDb-kK2x2JoO73y9stLD_em3m0jPCZXUb2I=.89433e0e-59e8-430e-a873-c3e60e8467d3@github.com>

On Tue, 2 Dec 2025 23:26:41 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   addressed few more review comments
>
> Thanks for considering me as a contributor to this ticket! I really appreciate it. 
> I personally feel that my suggestions weren't extensive enough to require adding me as a contributor, so there is need for it unless you think it's appropriate.
> 
> Overall the ticket looks good, thank you for your updates!

@myankelev Thank you for in-depth review.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3604526590

From schernyshev at openjdk.org  Wed Dec  3 00:42:28 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Wed, 3 Dec 2025 00:42:28 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <Mjjj0j9tUB5JYow7B2AUTM8bSdxAIRdzakhH0aE-Mjk=.8ae3faba-bbf7-4ee6-8493-df968bcb20a1@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <iLHJNpyE25UXOWhAInVLgScw1GKgNRp1kqa3tAOqPzg=.2d2c925a-20e1-477f-a83f-9e381efb9154@github.com>
 <PoeBw3wuGY9DfpYrIinzpo9-OPvv3KkSqi8iMl9c5nM=.8c999e41-2ae8-4e1d-9663-1e9d869875bc@github.com>
 <IHcL_eqNIg2ldJ3DvM1CqFcCgJHscX9C0MMreyo4XMc=.8bebe0db-6c3a-4d8c-96df-a33808aa680c@github.com>
 <5Xi3KzSpKO5zUPBdESbgG7zc7JQmTjwjWgyVxiqN3Ic=.2464c8db-275e-43b7-9893-4c7cefac9f0e@github.com>
 <Mjjj0j9tUB5JYow7B2AUTM8bSdxAIRdzakhH0aE-Mjk=.8ae3faba-bbf7-4ee6-8493-df968bcb20a1@github.com>
Message-ID: <0Mx2dW6pF5TeWOK9yE8NdzrU3tQaPrYbwGSIzrgLSE4=.94aee8c0-8aaa-4c30-b155-8b02431212e8@github.com>

On Tue, 2 Dec 2025 14:47:00 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> @djelinski would you think such a negative test is needed here?
>
>> On the other hand, should we then add a negative test with a certificate that doesn't have a SAN extension (or the 127.0.0.1 ipv4 address in it), that should fail in the HostnameVerifier when the 'https://127.0.0.1/' is requested?
> 
> No, such test would fail whether we use setServerNames or not.
> 
> I think @vy is asking for a check that the SSLParameters passed to SSLSocket#setSSLParameters have no serverNames configured. That should be reasonably easy to do.

@djelinski @vy We could check the SSL parameters of the internal SSLSocket if the wrapper socket factory passed the inner SSLSocket to the caller. Please take a look at the updated test.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2583227229

From djelinski at openjdk.org  Wed Dec  3 07:37:05 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 3 Dec 2025 07:37:05 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
Message-ID: <Q9Z0WlGT3DWGyHVL926TMf2SWa5lWVVUk2cCcKSh-8M=.37c97ae2-9823-4c44-888b-ac64ff4c0cd3@github.com>

On Wed, 3 Dec 2025 00:42:25 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:
> 
>   test that ipv4 literals do not propagate to the server names list

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 103:

> 101:         OutputStream sslOS = sslSocket.getOutputStream();
> 102:         BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(sslOS));
> 103:         bw.write("HTTP/1.1 200 OK\r\n\r\n\r\n");

Suggestion:

        bw.write("HTTP/1.1 200 OK\r\n\r\n");

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 105:

> 103:         bw.write("HTTP/1.1 200 OK\r\n\r\n\r\n");
> 104:         bw.flush();
> 105:         sslSocket.close();

Now that you removed the Thread.sleep, you can't close the socket without reading the request off the input stream; it will cause intermittent connection reset failures on Windows. You can use the [readOneRequest method](https://github.com/openjdk/jdk/blob/530493fed4066b1efcf3ec22253b110495767eca/test/jdk/sun/net/www/http/HttpClient/CookieHttpClientTest.java#L77-L89).

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 122:

> 120:         if (!ready) {
> 121:             throw new RuntimeException("Server timed out.");
> 122:         }

Suggestion:

        serverReady.await();

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2583948756
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2583948186
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2583955178

From alanb at openjdk.org  Wed Dec  3 08:29:31 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Wed, 3 Dec 2025 08:29:31 GMT
Subject: RFR: 8372958: SocketInputStream.read throws SocketException instead of
 returning -1 when input shutdown
Message-ID: <GaLP4PIxh1i_2it9r7KKXqexyLQwxgmKFGgF-1KpqLo=.18afd2b4-539e-4ef4-90fb-e68e00411961@github.com>

Invoking Socket.shutdownInput at around the same time that another thread is attempts to read or is blocked in read on the same Socket has always been problematic on Windows. For virtual threads, the read may fail with a SocketException exception like "A request to send or receive data was disallowed because the socket had already been shut down in that direction with a previous shutdown call". The change proposed here to change the SocketImpl to handle the async shutdownInput and cause read to return -1. 

Tests for async shutdownInput and shutdownOutput are added to BlockingSocketsOps. Some minor drive by clean-up to use a value source for the tests that exercise both untimed and timed cases. Similar cleanup in BlockingChannelOps as it tests the socket adapters doing both untimed and timed reads. The existing test for async shutdown with platform threads is migrated to JUnit as part of the change.

Testing: tier1 + tier2, test repeat runs of the modified tests to ensure they are stable.

-------------

Commit messages:
 - Initial commit

Changes: https://git.openjdk.org/jdk/pull/28626/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28626&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8372958
  Stats: 328 lines in 4 files changed: 98 ins; 160 del; 70 mod
  Patch: https://git.openjdk.org/jdk/pull/28626.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28626/head:pull/28626

PR: https://git.openjdk.org/jdk/pull/28626

From vyazici at openjdk.org  Wed Dec  3 08:53:41 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Wed, 3 Dec 2025 08:53:41 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
Message-ID: <nXnm1q0yP2LiNLSMs5edUmS1vuw_SDNoL67zcyMVJpU=.f0006fac-ecc5-4202-9eee-176efe7a8bb1@github.com>

On Wed, 3 Dec 2025 00:42:25 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:
> 
>   test that ipv4 literals do not propagate to the server names list

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 31:

> 29:  * @library /test/lib
> 30:  * @comment Insert -Djavax.net.debug=all into the following lines to enable SSL debugging
> 31:  * @run main/othervm SubjectAltNameIPv6 127.0.0.1

Since we also test against IPv4, I'd remove the mention of IPv6 from the class name (e.g., `SubjectAltNameIP`) and `@summary`.

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 136:

> 134:          */
> 135:         conn.setSSLSocketFactory(wrapSocketFactory(sf,
> 136:                 sslSocket -> clientSSLSocket = sslSocket));

Shall we first assert that `clientSSLSocket == null` before assignment?

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 140:

> 138: 
> 139:         var sniSN = clientSSLSocket.getSSLParameters().getServerNames();
> 140:         if( sniSN != null && !sniSN.isEmpty()) {

`if( sniSN` ? `if (sniSN`

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 152:

> 150:     public static void main(String[] args) throws Exception {
> 151: 
> 152:         if (!IPSupport.hasIPv6()) {

Suggestion:

        if (IPAddressUtil.isIPv6LiteralAddress(args[0]) && !IPSupport.hasIPv6()) {


Note that you need to import `sun.net.util.IPAddressUtil` first.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2584149111
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2584153074
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2584160215
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2584176475

From djelinski at openjdk.org  Wed Dec  3 10:47:40 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 3 Dec 2025 10:47:40 GMT
Subject: RFR: 8372958: SocketInputStream.read throws SocketException
 instead of returning -1 when input shutdown
In-Reply-To: <GaLP4PIxh1i_2it9r7KKXqexyLQwxgmKFGgF-1KpqLo=.18afd2b4-539e-4ef4-90fb-e68e00411961@github.com>
References: <GaLP4PIxh1i_2it9r7KKXqexyLQwxgmKFGgF-1KpqLo=.18afd2b4-539e-4ef4-90fb-e68e00411961@github.com>
Message-ID: <T1TCCux8vrTmEMUKIjeiFZjUEa5kCJ1attn6P65MDMQ=.f7651409-e9ef-47b8-80b3-07509a44497b@github.com>

On Wed, 3 Dec 2025 07:47:40 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> Invoking Socket.shutdownInput at around the same time that another thread is attempts to read or is blocked in read on the same Socket has always been problematic on Windows. For virtual threads, the read may fail with a SocketException exception like "A request to send or receive data was disallowed because the socket had already been shut down in that direction with a previous shutdown call". The change proposed here to change the SocketImpl to handle the async shutdownInput and cause read to return -1. 
> 
> Tests for async shutdownInput and shutdownOutput are added to BlockingSocketsOps. Some minor drive by clean-up to use a value source for the tests that exercise both untimed and timed cases. Similar cleanup in BlockingChannelOps as it tests the socket adapters doing both untimed and timed reads. The existing test for async shutdown with platform threads is migrated to JUnit as part of the change.
> 
> Testing: tier1 + tier2, test repeat runs of the modified tests to ensure they are stable.

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28626#pullrequestreview-3534415275

From michaelm at openjdk.org  Wed Dec  3 11:17:38 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Wed, 3 Dec 2025 11:17:38 GMT
Subject: RFR: 8372958: SocketInputStream.read throws SocketException
 instead of returning -1 when input shutdown
In-Reply-To: <GaLP4PIxh1i_2it9r7KKXqexyLQwxgmKFGgF-1KpqLo=.18afd2b4-539e-4ef4-90fb-e68e00411961@github.com>
References: <GaLP4PIxh1i_2it9r7KKXqexyLQwxgmKFGgF-1KpqLo=.18afd2b4-539e-4ef4-90fb-e68e00411961@github.com>
Message-ID: <NrWJxK8ec71RFjhR4QGmkK5VtAk2E-cAkBGPUWBJqmk=.f46b655b-8222-4572-9297-9b51f5b04707@github.com>

On Wed, 3 Dec 2025 07:47:40 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> Invoking Socket.shutdownInput at around the same time that another thread is attempts to read or is blocked in read on the same Socket has always been problematic on Windows. For virtual threads, the read may fail with a SocketException exception like "A request to send or receive data was disallowed because the socket had already been shut down in that direction with a previous shutdown call". The change proposed here to change the SocketImpl to handle the async shutdownInput and cause read to return -1. 
> 
> Tests for async shutdownInput and shutdownOutput are added to BlockingSocketsOps. Some minor drive by clean-up to use a value source for the tests that exercise both untimed and timed cases. Similar cleanup in BlockingChannelOps as it tests the socket adapters doing both untimed and timed reads. The existing test for async shutdown with platform threads is migrated to JUnit as part of the change.
> 
> Testing: tier1 + tier2, test repeat runs of the modified tests to ensure they are stable.

Looks fine

-------------

Marked as reviewed by michaelm (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28626#pullrequestreview-3534557280

From duke at openjdk.org  Wed Dec  3 12:16:44 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 3 Dec 2025 12:16:44 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code
Message-ID: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>

### Problem

  When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.

  ### Solution

  Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:

  1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
  2. **Preserves** error code and debug data in exception messages
  3. **Categorizes** streams based on `lastStreamId`:
     - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
     - Streams with ID ? `lastStreamId`: Failed with detailed error information

  ### Changes

  **Core Implementation** (`Http2Connection.java`):
  - Modified `handleGoAway()` to check error code and route appropriately
  - Added `handleGoAwayWithError()` method that:
    - Extracts error code and debug data from GOAWAY frame
    - Creates meaningful error messages with error name, hex code, and debug data
    - Properly categorizes streams for retry or failure

  **Test Infrastructure**:
  - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
  - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
  - `GoAwayWithErrorTest`: Verifies proper error propagation

  ### Example

  **Before:**
  IOException: Connection closed by peer

  **After:**
  IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame

  ### Testing

  - New `GoAwayWithErrorTest` passes
  - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
  - Backward compatible (no public API changes)

-------------

Commit messages:
 - 8371903: Preserve error code and debug data from HTTP/2 GOAWAY frames

Changes: https://git.openjdk.org/jdk/pull/28632/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8371903
  Stats: 292 lines in 4 files changed: 290 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From jpai at openjdk.org  Wed Dec  3 12:44:30 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 3 Dec 2025 12:44:30 GMT
Subject: RFR: 8372951: The property jdk.httpclient.quic.maxBidiStreams
 should be renamed to jdk.internal
In-Reply-To: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
References: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
Message-ID: <lKGm6W4JrHnr8OJ8PahIU6v1f3HXtpSCr6pS8z7EhHY=.ce5ba3cb-ba92-4cb1-82d7-a2866781c978@github.com>

On Tue, 2 Dec 2025 16:53:23 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The `jdk.httpclient.quic.maxBidiStreams` is an undocumented system property only used in tests. This property is only useful to control the default HTTP/3 test server implementation. It will never be documented or exposed. It should be clearly labelled as internal.
> The HTTP/3 client always provide a value of 0 for the `initial_max_streams_bidi` transport parameter, so the default value that the quic stack uses internally to set the parameter if no value is provided is never used on the client side.
> 
> The `H3StreamLimitReachedTest` can be used to verify the change - it won't pass if the property is not correctly configured in the test.
> 
> I have also taken this opportunity to add comments to the `H3StreamLimitReachedTest` and the `StreamLimitTest`, to explain the logic of each test.
> 
> With this I believe that we can also say that this change will fix [JDK-8365794](https://bugs.openjdk.org/browse/JDK-8365794).

src/java.net.http/share/classes/jdk/internal/net/http/quic/QuicConnectionImpl.java line 179:

> 177:     // The default value for the max_idle_timeout transport parameter that a QuicConnectionImpl
> 178:     // will send to its peer, if no value is provided by the higher level protocol.
> 179:     public static final int DEFAULT_MAX_INITIAL_TIMEOUT = Math.clamp(

Hello Daniel, I think this comment is an oversight. This `DEFAULT_MAX_INITIAL_TIMEOUT` and the corresponding property control the maximum amount of time we wait for the connection attempt, against a server, to respond with an `INITIAL` packet. It doesn't control the idle timeout transport parameter.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28611#discussion_r2584956772

From jpai at openjdk.org  Wed Dec  3 12:52:07 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 3 Dec 2025 12:52:07 GMT
Subject: RFR: 8372951: The property jdk.httpclient.quic.maxBidiStreams
 should be renamed to jdk.internal
In-Reply-To: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
References: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
Message-ID: <P5YHnkXGBCK-inGmX75yGuXRjdH7_1CgfQZrwFbEraQ=.804b0c72-46e4-4de9-98ad-a939b5fb9baf@github.com>

On Tue, 2 Dec 2025 16:53:23 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The `jdk.httpclient.quic.maxBidiStreams` is an undocumented system property only used in tests. This property is only useful to control the default HTTP/3 test server implementation. It will never be documented or exposed. It should be clearly labelled as internal.
> The HTTP/3 client always provide a value of 0 for the `initial_max_streams_bidi` transport parameter, so the default value that the quic stack uses internally to set the parameter if no value is provided is never used on the client side.
> 
> The `H3StreamLimitReachedTest` can be used to verify the change - it won't pass if the property is not correctly configured in the test.
> 
> I have also taken this opportunity to add comments to the `H3StreamLimitReachedTest` and the `StreamLimitTest`, to explain the logic of each test.
> 
> With this I believe that we can also say that this change will fix [JDK-8365794](https://bugs.openjdk.org/browse/JDK-8365794).

test/jdk/java/net/httpclient/http3/H3StreamLimitReachedTest.java line 43:

> 41:  *          for the retry.
> 42:  * @bug 8372951
> 43:  * @comment this test also tests bug 8372951

Nit - i think we can remove these `@comment` lines because the `@bug` already states that this tests `8372951`. If we do retain this comment line, then it would mean we have to keep updating it (along with `@bug` every time there a new bug fix this test verifies).

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28611#discussion_r2584987591

From alanb at openjdk.org  Wed Dec  3 13:07:13 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Wed, 3 Dec 2025 13:07:13 GMT
Subject: RFR: 8372958: SocketInputStream.read throws SocketException
 instead of returning -1 when input shutdown
In-Reply-To: <GaLP4PIxh1i_2it9r7KKXqexyLQwxgmKFGgF-1KpqLo=.18afd2b4-539e-4ef4-90fb-e68e00411961@github.com>
References: <GaLP4PIxh1i_2it9r7KKXqexyLQwxgmKFGgF-1KpqLo=.18afd2b4-539e-4ef4-90fb-e68e00411961@github.com>
Message-ID: <4u1usvCrVhEfW4p182tW_JOvUixWgdgn2ydN4AMbdt0=.22bbf4d8-74ca-41fd-ae47-ff3781bbad3d@github.com>

On Wed, 3 Dec 2025 07:47:40 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> Invoking Socket.shutdownInput at around the same time that another thread attempts to read or is blocked in read on the same Socket has always been problematic on Windows. For virtual threads, the read may fail with a SocketException exception like "A request to send or receive data was disallowed because the socket had already been shut down in that direction with a previous shutdown call". The change proposed here to change the SocketImpl to handle the async shutdownInput and cause read to return -1. 
> 
> Tests for async shutdownInput and shutdownOutput are added to BlockingSocketsOps. Some minor drive by clean-up to use a value source for the tests that exercise both untimed and timed cases. Similar cleanup in BlockingChannelOps as it tests the socket adapters doing both untimed and timed reads. The existing test for async shutdown with platform threads is migrated to JUnit as part of the change.
> 
> Testing: tier1 + tier2, test repeat runs of the modified tests to ensure they are stable.

Thanks for quick review.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28626#issuecomment-3606752964

From alanb at openjdk.org  Wed Dec  3 13:07:14 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Wed, 3 Dec 2025 13:07:14 GMT
Subject: Integrated: 8372958: SocketInputStream.read throws SocketException
 instead of returning -1 when input shutdown
In-Reply-To: <GaLP4PIxh1i_2it9r7KKXqexyLQwxgmKFGgF-1KpqLo=.18afd2b4-539e-4ef4-90fb-e68e00411961@github.com>
References: <GaLP4PIxh1i_2it9r7KKXqexyLQwxgmKFGgF-1KpqLo=.18afd2b4-539e-4ef4-90fb-e68e00411961@github.com>
Message-ID: <R5N70xfj3pcz8byZkYylB_iuLAj9QG7gJ6Nl34Zjko4=.0e946bb1-26a1-42f5-9c7a-12238b75ad9b@github.com>

On Wed, 3 Dec 2025 07:47:40 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> Invoking Socket.shutdownInput at around the same time that another thread attempts to read or is blocked in read on the same Socket has always been problematic on Windows. For virtual threads, the read may fail with a SocketException exception like "A request to send or receive data was disallowed because the socket had already been shut down in that direction with a previous shutdown call". The change proposed here to change the SocketImpl to handle the async shutdownInput and cause read to return -1. 
> 
> Tests for async shutdownInput and shutdownOutput are added to BlockingSocketsOps. Some minor drive by clean-up to use a value source for the tests that exercise both untimed and timed cases. Similar cleanup in BlockingChannelOps as it tests the socket adapters doing both untimed and timed reads. The existing test for async shutdown with platform threads is migrated to JUnit as part of the change.
> 
> Testing: tier1 + tier2, test repeat runs of the modified tests to ensure they are stable.

This pull request has now been integrated.

Changeset: afb6a0c2
Author:    Alan Bateman <alanb at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/afb6a0c2fecdb2114715290d5d463c9dccf93c28
Stats:     328 lines in 4 files changed: 98 ins; 160 del; 70 mod

8372958: SocketInputStream.read throws SocketException instead of returning -1 when input shutdown

Reviewed-by: djelinski, michaelm

-------------

PR: https://git.openjdk.org/jdk/pull/28626

From dfuchs at openjdk.org  Wed Dec  3 14:10:15 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 3 Dec 2025 14:10:15 GMT
Subject: RFR: 8372951: The property jdk.httpclient.quic.maxBidiStreams
 should be renamed to jdk.internal
In-Reply-To: <P5YHnkXGBCK-inGmX75yGuXRjdH7_1CgfQZrwFbEraQ=.804b0c72-46e4-4de9-98ad-a939b5fb9baf@github.com>
References: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
 <P5YHnkXGBCK-inGmX75yGuXRjdH7_1CgfQZrwFbEraQ=.804b0c72-46e4-4de9-98ad-a939b5fb9baf@github.com>
Message-ID: <fxH9-O--IBj8rFVPqKXb8LvdyN3pdmR9Oa7OCRW0XFA=.eefd1188-b7e8-430f-a31d-f468b634edf1@github.com>

On Wed, 3 Dec 2025 12:49:31 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> The `jdk.httpclient.quic.maxBidiStreams` is an undocumented system property only used in tests. This property is only useful to control the default HTTP/3 test server implementation. It will never be documented or exposed. It should be clearly labelled as internal.
>> The HTTP/3 client always provide a value of 0 for the `initial_max_streams_bidi` transport parameter, so the default value that the quic stack uses internally to set the parameter if no value is provided is never used on the client side.
>> 
>> The `H3StreamLimitReachedTest` can be used to verify the change - it won't pass if the property is not correctly configured in the test.
>> 
>> I have also taken this opportunity to add comments to the `H3StreamLimitReachedTest` and the `StreamLimitTest`, to explain the logic of each test.
>> 
>> With this I believe that we can also say that this change will fix [JDK-8365794](https://bugs.openjdk.org/browse/JDK-8365794).
>
> test/jdk/java/net/httpclient/http3/H3StreamLimitReachedTest.java line 43:
> 
>> 41:  *          for the retry.
>> 42:  * @bug 8372951
>> 43:  * @comment this test also tests bug 8372951
> 
> Nit - i think we can remove these `@comment` lines because the `@bug` already states that this tests `8372951`. If we do retain this comment line, then it would mean we have to keep updating it (along with `@bug` every time there a new bug fix this test verifies).

There was no `@bug` comment before, so I didn't want to give the impression that this test only tested  `@bug 8372951`. This is just an indication that it can also be used to test this particular fix

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28611#discussion_r2585267179

From dfuchs at openjdk.org  Wed Dec  3 14:14:10 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 3 Dec 2025 14:14:10 GMT
Subject: RFR: 8372951: The property jdk.httpclient.quic.maxBidiStreams
 should be renamed to jdk.internal [v2]
In-Reply-To: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
References: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
Message-ID: <8ycLk_uNIvpq6xs2LVxkNR68cIur5zY4zolZgXMHZbg=.86e20334-296a-4663-ab67-b8b246dec3c5@github.com>

> The `jdk.httpclient.quic.maxBidiStreams` is an undocumented system property only used in tests. This property is only useful to control the default HTTP/3 test server implementation. It will never be documented or exposed. It should be clearly labelled as internal.
> The HTTP/3 client always provide a value of 0 for the `initial_max_streams_bidi` transport parameter, so the default value that the quic stack uses internally to set the parameter if no value is provided is never used on the client side.
> 
> The `H3StreamLimitReachedTest` can be used to verify the change - it won't pass if the property is not correctly configured in the test.
> 
> I have also taken this opportunity to add comments to the `H3StreamLimitReachedTest` and the `StreamLimitTest`, to explain the logic of each test.
> 
> With this I believe that we can also say that this change will fix [JDK-8365794](https://bugs.openjdk.org/browse/JDK-8365794).

Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision:

 - review feedback update wrong comment
 - Merge branch 'master' into StreamLimitTest-8372951
 - rename maxBidiStreams property
 - fix CLASS_NAME constant
 - 8365794

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28611/files
  - new: https://git.openjdk.org/jdk/pull/28611/files/a8d416c7..c0448d88

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28611&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28611&range=00-01

  Stats: 1953 lines in 55 files changed: 1284 ins; 251 del; 418 mod
  Patch: https://git.openjdk.org/jdk/pull/28611.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28611/head:pull/28611

PR: https://git.openjdk.org/jdk/pull/28611

From jpai at openjdk.org  Wed Dec  3 15:07:57 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 3 Dec 2025 15:07:57 GMT
Subject: RFR: 8372951: The property jdk.httpclient.quic.maxBidiStreams
 should be renamed to jdk.internal [v2]
In-Reply-To: <8ycLk_uNIvpq6xs2LVxkNR68cIur5zY4zolZgXMHZbg=.86e20334-296a-4663-ab67-b8b246dec3c5@github.com>
References: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
 <8ycLk_uNIvpq6xs2LVxkNR68cIur5zY4zolZgXMHZbg=.86e20334-296a-4663-ab67-b8b246dec3c5@github.com>
Message-ID: <MKRp-C9ojND28KS9dmzxs-e0GZeEx-XHzbFLA1GJnFA=.954ef51b-6f7c-48bc-b105-5c8f6c7d1b81@github.com>

On Wed, 3 Dec 2025 14:14:10 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> The `jdk.httpclient.quic.maxBidiStreams` is an undocumented system property only used in tests. This property is only useful to control the default HTTP/3 test server implementation. It will never be documented or exposed. It should be clearly labelled as internal.
>> The HTTP/3 client always provide a value of 0 for the `initial_max_streams_bidi` transport parameter, so the default value that the quic stack uses internally to set the parameter if no value is provided is never used on the client side.
>> 
>> The `H3StreamLimitReachedTest` can be used to verify the change - it won't pass if the property is not correctly configured in the test.
>> 
>> I have also taken this opportunity to add comments to the `H3StreamLimitReachedTest` and the `StreamLimitTest`, to explain the logic of each test.
>> 
>> With this I believe that we can also say that this change will fix [JDK-8365794](https://bugs.openjdk.org/browse/JDK-8365794).
>
> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision:
> 
>  - review feedback update wrong comment
>  - Merge branch 'master' into StreamLimitTest-8372951
>  - rename maxBidiStreams property
>  - fix CLASS_NAME constant
>  - 8365794

Marked as reviewed by jpai (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28611#pullrequestreview-3535508394

From dfuchs at openjdk.org  Wed Dec  3 15:36:56 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 3 Dec 2025 15:36:56 GMT
Subject: Integrated: 8372951: The property jdk.httpclient.quic.maxBidiStreams
 should be renamed to jdk.internal
In-Reply-To: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
References: <_11WiMsb0ZfpYvClQjH87a6YE2kDYNlhpOVPOVT5ghs=.92a35317-712f-46f2-8f78-9f8e87ddb38d@github.com>
Message-ID: <zJW51cTwd9CkvCOvP_ne6d8r63t46TlO_OoAxUgJwhg=.330e2c71-8e7c-4eff-b818-bf0b0da1a558@github.com>

On Tue, 2 Dec 2025 16:53:23 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The `jdk.httpclient.quic.maxBidiStreams` is an undocumented system property only used in tests. This property is only useful to control the default HTTP/3 test server implementation. It will never be documented or exposed. It should be clearly labelled as internal.
> The HTTP/3 client always provide a value of 0 for the `initial_max_streams_bidi` transport parameter, so the default value that the quic stack uses internally to set the parameter if no value is provided is never used on the client side.
> 
> The `H3StreamLimitReachedTest` can be used to verify the change - it won't pass if the property is not correctly configured in the test.
> 
> I have also taken this opportunity to add comments to the `H3StreamLimitReachedTest` and the `StreamLimitTest`, to explain the logic of each test.
> 
> With this I believe that we can also say that this change will fix [JDK-8365794](https://bugs.openjdk.org/browse/JDK-8365794).

This pull request has now been integrated.

Changeset: af8977e4
Author:    Daniel Fuchs <dfuchs at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/af8977e40661db2edec069d524f7c9352c7de850
Stats:     61 lines in 4 files changed: 51 ins; 0 del; 10 mod

8372951: The property jdk.httpclient.quic.maxBidiStreams should be renamed to jdk.internal
8365794: StreamLimitTest vs H3StreamLimitReachedTest: consider renaming or merging

Reviewed-by: jpai

-------------

PR: https://git.openjdk.org/jdk/pull/28611

From schernyshev at openjdk.org  Wed Dec  3 15:44:25 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Wed, 3 Dec 2025 15:44:25 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <nXnm1q0yP2LiNLSMs5edUmS1vuw_SDNoL67zcyMVJpU=.f0006fac-ecc5-4202-9eee-176efe7a8bb1@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
 <nXnm1q0yP2LiNLSMs5edUmS1vuw_SDNoL67zcyMVJpU=.f0006fac-ecc5-4202-9eee-176efe7a8bb1@github.com>
Message-ID: <nDLXxbhBvgcWPG1viDVOrmzRoUDrQZE5uiZ5o_8tKMg=.eb1f168a-4e97-4c3f-8a5d-d872cc0fb044@github.com>

On Wed, 3 Dec 2025 08:44:05 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   test that ipv4 literals do not propagate to the server names list
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 136:
> 
>> 134:          */
>> 135:         conn.setSSLSocketFactory(wrapSocketFactory(sf,
>> 136:                 sslSocket -> clientSSLSocket = sslSocket));
> 
> Shall we first assert that `clientSSLSocket == null` before assignment?

The method `doClientSide()` is called from constructor, the `clientSSLSocket` is non-static and was set to `null`. Therefore, it's the only assignment of clientSSLSocket per instance. Or do you mean the check must be in the the lambda-expr?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2585626177

From djelinski at openjdk.org  Wed Dec  3 16:05:08 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 3 Dec 2025 16:05:08 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <1EgQoadGiJ4NAm07EGqJUEFaKeQ6ux5cOoqvKsg0bZc=.810857ae-e80e-49f1-a466-e3c280b0cbba@github.com>

On Wed, 3 Dec 2025 12:08:33 GMT, EunHyunsu <duke at openjdk.org> wrote:

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

src/java.net.http/share/classes/jdk/internal/net/http/Http2Connection.java line 1481:

> 1479:                 // Stream was being processed - fail it with the connection error
> 1480:                 final IOException error = new IOException(errorMsg);
> 1481:                 stream.connectionClosing(error);

Suggestion:

                stream.connectionClosing(cause.getCloseCause());

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 173:

> 171:                 System.out.println("Handler: sending GOAWAY(PROTOCOL_ERROR) and closing connection");
> 172: 
> 173:                 impl.getServerConnection().sendGoAway(Integer.MAX_VALUE, PROTOCOL_ERROR, DEBUG_DATA);

Please add a test to verify that the requests above lastStreamId are retried

test/jdk/java/net/httpclient/lib/jdk/httpclient/test/lib/http2/Http2TestServerConnection.java line 283:

> 281:      * @throws IOException if an I/O error occurs
> 282:      */
> 283:     public void sendGoAway(int lastStreamId, int errorCode, byte[] debugData) throws IOException {

please merge this method with the other sendGoAway (make the other one call this one?)

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2585342808
PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2585689936
PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2585370317

From vyazici at openjdk.org  Wed Dec  3 19:14:11 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Wed, 3 Dec 2025 19:14:11 GMT
Subject: RFR: 8208693: HttpClient: Extend the request timeout's scope to
 cover the response body [v16]
In-Reply-To: <SFmAb-H_ju6V1LUgVA7QYcKPZPE8W8CkhdxCAM6rEBs=.6235a0cd-68d8-4343-81e8-7cc5a6634387@github.com>
References: <SFmAb-H_ju6V1LUgVA7QYcKPZPE8W8CkhdxCAM6rEBs=.6235a0cd-68d8-4343-81e8-7cc5a6634387@github.com>
Message-ID: <Fx3kEN0xIlpu5aRtzJloOzqRALeFZvUSJqPWOG99h2c=.6838a9eb-87ee-4adf-a4c4-574b3b0e950d@github.com>

> Currently `HttpRequest::timeout` only applies until the response headers are received. Extend its scope to also cover the consumption of the response body.
> 
> ### Review guidelines
> 
> 1. Read _"the fix"_ in `MultiExchange`
> 2. Skim through the test server *handler* in `TimeoutResponseTestSupport`
> 3. Review first `TimeoutResponseHeaderTest`, and then `TimeoutResponseBodyTest` (Mind the multiple `@test` blocks!)

Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 42 commits:

 - Merge remote-tracking branch 'upstream/master' into respBodyTime
 - Update JavaDocs to match the spec
 - Move `cancelTimerOnResponseBodySubscriberTermination` to `ExchangeImpl`
 - Exclude disallowed timer cancellations
 - Merge remote-tracking branch 'upstream/master' into respBodyTime
 - Cancel timer right away if response body is not permitted
 - Configure timeout for the `WebSocketTest`
 - Use `var`
 - Clarify WebSocket behaviour and test it
 - Verify no lingering response timers
 - ... and 32 more: https://git.openjdk.org/jdk/compare/7278d2e8...5f99578a

-------------

Changes: https://git.openjdk.org/jdk/pull/27469/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27469&range=15
  Stats: 1093 lines in 15 files changed: 1068 ins; 5 del; 20 mod
  Patch: https://git.openjdk.org/jdk/pull/27469.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/27469/head:pull/27469

PR: https://git.openjdk.org/jdk/pull/27469

From vyazici at openjdk.org  Wed Dec  3 19:56:09 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Wed, 3 Dec 2025 19:56:09 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <nDLXxbhBvgcWPG1viDVOrmzRoUDrQZE5uiZ5o_8tKMg=.eb1f168a-4e97-4c3f-8a5d-d872cc0fb044@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
 <nXnm1q0yP2LiNLSMs5edUmS1vuw_SDNoL67zcyMVJpU=.f0006fac-ecc5-4202-9eee-176efe7a8bb1@github.com>
 <nDLXxbhBvgcWPG1viDVOrmzRoUDrQZE5uiZ5o_8tKMg=.eb1f168a-4e97-4c3f-8a5d-d872cc0fb044@github.com>
Message-ID: <YAPM5blxlyplQB-Fvc3zyL7X7vBi9VFvMxX74RQxJgc=.429028e6-ba15-4408-a555-a1d292c300fb@github.com>

On Wed, 3 Dec 2025 15:41:58 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 136:
>> 
>>> 134:          */
>>> 135:         conn.setSSLSocketFactory(wrapSocketFactory(sf,
>>> 136:                 sslSocket -> clientSSLSocket = sslSocket));
>> 
>> Shall we first assert that `clientSSLSocket == null` before assignment?
>
> The method `doClientSide()` is called from constructor, the `clientSSLSocket` is non-static and was set to `null`. Therefore, it's the only assignment of clientSSLSocket per instance. Or do you mean the check must be in the the lambda-expr?

I mean something like:

Suggestion:

                sslSocket -> {
                    assertNull(clientSSLSocket);
                    clientSSLSocket = sslSocket;
                }));


To avoid double-assignment and eventually causing verification of the wrong value.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2586419546

From jpai at openjdk.org  Thu Dec  4 01:47:02 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 4 Dec 2025 01:47:02 GMT
Subject: RFR: 8208693: HttpClient: Extend the request timeout's scope to
 cover the response body [v16]
In-Reply-To: <Fx3kEN0xIlpu5aRtzJloOzqRALeFZvUSJqPWOG99h2c=.6838a9eb-87ee-4adf-a4c4-574b3b0e950d@github.com>
References: <SFmAb-H_ju6V1LUgVA7QYcKPZPE8W8CkhdxCAM6rEBs=.6235a0cd-68d8-4343-81e8-7cc5a6634387@github.com>
 <Fx3kEN0xIlpu5aRtzJloOzqRALeFZvUSJqPWOG99h2c=.6838a9eb-87ee-4adf-a4c4-574b3b0e950d@github.com>
Message-ID: <S6x_8IVOCA8Q4lHU8V3SkSz1EKDDwmUU8dhUR2_VxSI=.f119bb1e-c5f5-4bd9-b1b7-65479b5586cd@github.com>

On Wed, 3 Dec 2025 19:14:11 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Currently `HttpRequest::timeout` only applies until the response headers are received. Extend its scope to also cover the consumption of the response body.
>> 
>> ### Review guidelines
>> 
>> 1. Read _"the fix"_ in `MultiExchange`
>> 2. Skim through the test server *handler* in `TimeoutResponseTestSupport`
>> 3. Review first `TimeoutResponseHeaderTest`, and then `TimeoutResponseBodyTest` (Mind the multiple `@test` blocks!)
>
> Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 42 commits:
> 
>  - Merge remote-tracking branch 'upstream/master' into respBodyTime
>  - Update JavaDocs to match the spec
>  - Move `cancelTimerOnResponseBodySubscriberTermination` to `ExchangeImpl`
>  - Exclude disallowed timer cancellations
>  - Merge remote-tracking branch 'upstream/master' into respBodyTime
>  - Cancel timer right away if response body is not permitted
>  - Configure timeout for the `WebSocketTest`
>  - Use `var`
>  - Clarify WebSocket behaviour and test it
>  - Verify no lingering response timers
>  - ... and 32 more: https://git.openjdk.org/jdk/compare/7278d2e8...5f99578a

The updated text looks good to me.

-------------

Marked as reviewed by jpai (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/27469#pullrequestreview-3537553541

From vyazici at openjdk.org  Thu Dec  4 09:43:23 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 4 Dec 2025 09:43:23 GMT
Subject: RFR: 8208693: HttpClient: Extend the request timeout's scope to
 cover the response body [v16]
In-Reply-To: <Fx3kEN0xIlpu5aRtzJloOzqRALeFZvUSJqPWOG99h2c=.6838a9eb-87ee-4adf-a4c4-574b3b0e950d@github.com>
References: <SFmAb-H_ju6V1LUgVA7QYcKPZPE8W8CkhdxCAM6rEBs=.6235a0cd-68d8-4343-81e8-7cc5a6634387@github.com>
 <Fx3kEN0xIlpu5aRtzJloOzqRALeFZvUSJqPWOG99h2c=.6838a9eb-87ee-4adf-a4c4-574b3b0e950d@github.com>
Message-ID: <hNr3XUjWGA-k9Ysbhvkod-ynI1iwRieLDRXZDh_k9BQ=.8a27ea18-3b51-4ddb-a60c-76b77a38968b@github.com>

On Wed, 3 Dec 2025 19:14:11 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Currently `HttpRequest::timeout` only applies until the response headers are received. Extend its scope to also cover the consumption of the response body.
>> 
>> ### Review guidelines
>> 
>> 1. Read _"the fix"_ in `MultiExchange`
>> 2. Skim through the test server *handler* in `TimeoutResponseTestSupport`
>> 3. Review first `TimeoutResponseHeaderTest`, and then `TimeoutResponseBodyTest` (Mind the multiple `@test` blocks!)
>
> Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 42 commits:
> 
>  - Merge remote-tracking branch 'upstream/master' into respBodyTime
>  - Update JavaDocs to match the spec
>  - Move `cancelTimerOnResponseBodySubscriberTermination` to `ExchangeImpl`
>  - Exclude disallowed timer cancellations
>  - Merge remote-tracking branch 'upstream/master' into respBodyTime
>  - Cancel timer right away if response body is not permitted
>  - Configure timeout for the `WebSocketTest`
>  - Use `var`
>  - Clarify WebSocket behaviour and test it
>  - Verify no lingering response timers
>  - ... and 32 more: https://git.openjdk.org/jdk/compare/7278d2e8...5f99578a

This one was a difficult surgery.
Thanks to all reviewers ? in particular, @dfuch ? ? for their kind support and assistance.
Tier 1-2 is clear.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/27469#issuecomment-3611118691

From vyazici at openjdk.org  Thu Dec  4 09:43:26 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 4 Dec 2025 09:43:26 GMT
Subject: Integrated: 8208693: HttpClient: Extend the request timeout's scope to
 cover the response body
In-Reply-To: <SFmAb-H_ju6V1LUgVA7QYcKPZPE8W8CkhdxCAM6rEBs=.6235a0cd-68d8-4343-81e8-7cc5a6634387@github.com>
References: <SFmAb-H_ju6V1LUgVA7QYcKPZPE8W8CkhdxCAM6rEBs=.6235a0cd-68d8-4343-81e8-7cc5a6634387@github.com>
Message-ID: <7f2ZznXAzjWNfYL1BvHaDEleX2h49igi0WLVXFY51GY=.d802169e-1f56-41e0-9ff6-9aee96dfe3dd@github.com>

On Wed, 24 Sep 2025 13:24:35 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Currently `HttpRequest::timeout` only applies until the response headers are received. Extend its scope to also cover the consumption of the response body.
> 
> ### Review guidelines
> 
> 1. Read _"the fix"_ in `MultiExchange`
> 2. Skim through the test server *handler* in `TimeoutResponseTestSupport`
> 3. Review first `TimeoutResponseHeaderTest`, and then `TimeoutResponseBodyTest` (Mind the multiple `@test` blocks!)

This pull request has now been integrated.

Changeset: 16699a39
Author:    Volkan Yazici <vyazici at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/16699a394d4d6c2b8a21e7de3c3d344c5a3309b4
Stats:     1093 lines in 15 files changed: 1068 ins; 5 del; 20 mod

8208693: HttpClient: Extend the request timeout's scope to cover the response body

Reviewed-by: jpai, dfuchs

-------------

PR: https://git.openjdk.org/jdk/pull/27469

From duke at openjdk.org  Thu Dec  4 10:50:53 2025
From: duke at openjdk.org (EunHyunsu)
Date: Thu, 4 Dec 2025 10:50:53 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v2]
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:

  8371903: HTTP/2 client should preserve error information from GOAWAY frames
  
  Extracts error code and debug data from GOAWAY frames with non-zero
  error codes and includes them in exception messages. Streams above
  lastStreamId are marked as unprocessed for retry; others fail with
  the error details.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28632/files
  - new: https://git.openjdk.org/jdk/pull/28632/files/4e6b2a82..93c14b3d

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=00-01

  Stats: 76 lines in 3 files changed: 6 ins; 39 del; 31 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From duke at openjdk.org  Thu Dec  4 10:50:55 2025
From: duke at openjdk.org (EunHyunsu)
Date: Thu, 4 Dec 2025 10:50:55 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <U6Uh9Jf-7oFwqZrnWQIE0am94LSm2laS990-EvHWMc8=.866ca9b6-a4ad-481f-b34c-7300e360a876@github.com>

On Wed, 3 Dec 2025 12:08:33 GMT, EunHyunsu <duke at openjdk.org> wrote:

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

@djelinski  
Thanks for the feedback! Made all the changes:

- Now using `cause.getCloseCause()` for consistency
- Merged sendGoAway methods as suggested
- Test now verifies unprocessed stream retries with lastStreamId=1

Let me know if anything else needs adjustment!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3611468711

From djelinski at openjdk.org  Thu Dec  4 12:13:03 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Thu, 4 Dec 2025 12:13:03 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v2]
In-Reply-To: <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
Message-ID: <5SnuhXD3fcxtM-_6SHNkpwIAs9ocwYDnYf-Q00x3YTY=.d5f6ee4c-d16c-4c8a-8eae-8f7cb1e5b2a3@github.com>

On Thu, 4 Dec 2025 10:50:53 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: HTTP/2 client should preserve error information from GOAWAY frames
>   
>   Extracts error code and debug data from GOAWAY frames with non-zero
>   error codes and includes them in exception messages. Streams above
>   lastStreamId are marked as unprocessed for retry; others fail with
>   the error details.

I'd really like to see some retried requests in the test. Please:
- change the requests to POST; idempotent requests like GET might be retried for other reasons, POST is only retried when unprocessed,
- send all 3 requests at once, so that there's at least a chance that they will be in progress when GOAWAY is sent,
- check that exactly one request fails. It doesn't have to be the first one, the client sometimes reorders the requests internally.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3611930254

From vyazici at openjdk.org  Thu Dec  4 12:54:37 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 4 Dec 2025 12:54:37 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v6]
In-Reply-To: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
Message-ID: <WFFLlA7WyyWV2jt-ognRjJ9wWh1VEnpZ3GK-SxrpgB0=.7028e315-5816-4cbc-88b1-97511bd5ea03@github.com>

> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.

Volkan Yazici has updated the pull request incrementally with two additional commits since the last revision:

 - Close connection after `Content-Length` read failure in `Http1Response`
 - Insert the redundant `Http3Stream` assert back

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28431/files
  - new: https://git.openjdk.org/jdk/pull/28431/files/0af344f1..024e355f

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28431&range=05
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28431&range=04-05

  Stats: 20 lines in 2 files changed: 12 ins; 6 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28431.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28431/head:pull/28431

PR: https://git.openjdk.org/jdk/pull/28431

From vyazici at openjdk.org  Thu Dec  4 12:59:48 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 4 Dec 2025 12:59:48 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v7]
In-Reply-To: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
Message-ID: <LNRuG5rDYhQgGzcZd40nZCrxzLfVyXQy8dQUGntNi2g=.11319cd6-2472-427a-a012-a44b74ecd010@github.com>

> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.

Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 17 additional commits since the last revision:

 - Merge remote-tracking branch 'upstream/master' into firstValueAsLong
 - Close connection after `Content-Length` read failure in `Http1Response`
 - Insert the redundant `Http3Stream` assert back
 - Introduce dangling `firstValueAsLong("content-length")` calls back
 - Document `Http1Response::ignoreBody`
 - Remove redundant `finally`
 - Use `-1` as default in `Http3ExchangeImpl`
 - Use `readStatusCode()` in `Http3Stream`
 - Replace `orElse(null)` with `Optional` usage
 - Address review remarks
 - ... and 7 more: https://git.openjdk.org/jdk/compare/1d684a33...02803082

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28431/files
  - new: https://git.openjdk.org/jdk/pull/28431/files/024e355f..02803082

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28431&range=06
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28431&range=05-06

  Stats: 54778 lines in 842 files changed: 36124 ins; 14480 del; 4174 mod
  Patch: https://git.openjdk.org/jdk/pull/28431.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28431/head:pull/28431

PR: https://git.openjdk.org/jdk/pull/28431

From vyazici at openjdk.org  Thu Dec  4 12:59:52 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 4 Dec 2025 12:59:52 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v5]
In-Reply-To: <lM3npf2h8qUprHWp2V8q04nKHbk1LMki7Jua5XBd7GE=.055d936e-0894-4d95-9eab-52d6f0921f01@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <OvgsFHHMK8elrse4NWJa1afM6CJLNQae_3y0MTfxLHY=.79381b1d-0787-47cf-a9bd-5ed262159b8d@github.com>
 <lM3npf2h8qUprHWp2V8q04nKHbk1LMki7Jua5XBd7GE=.055d936e-0894-4d95-9eab-52d6f0921f01@github.com>
Message-ID: <k8x5MTNn8ule8YHCT75Vlznw2Cgo06f8eQhuOA16vfo=.516fc389-ddc4-4dab-997e-440aa44facc2@github.com>

On Mon, 1 Dec 2025 10:41:11 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Introduce dangling `firstValueAsLong("content-length")` calls back
>
> src/java.net.http/share/classes/jdk/internal/net/http/Http1Response.java line 338:
> 
>> 336:         } catch (ProtocolException pe) {
>> 337:             cf.completeExceptionally(pe);
>> 338:             return cf;
> 
> We're not going to read the body if we return here, so I think we should close the connection with the ProtocolException `pe` before returning the completable future `cf`. Otherwise - the connection will remained unclosed and out of the pool until we close the client.

Doh! Very good catch. I've fixed this in 024e355f034. I've copied the `errorHandler` we pass to `ResponseSubscribers::getBodyAsync`. Note that I've slightly changed the `errorHandler` to have a `finally` block:


try {
    subscriber.onError(error);
    cf.completeExceptionally(error);
} finally {
    asyncReceiver.setRetryOnError(false);
    asyncReceiver.onReadError(error);
}


This is what the `executor.execute(() -> ...)` block does too, which I presume to guard against misbehaving `subscriber::onError` and `cf::completeExceptionally`.

@dfuch, I'm not resolving this conversation yet. Would you mind reviewing 024e355f034 and letting me know if it is okay, please?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28431#discussion_r2588964307

From vyazici at openjdk.org  Thu Dec  4 12:59:54 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 4 Dec 2025 12:59:54 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v7]
In-Reply-To: <lM3npf2h8qUprHWp2V8q04nKHbk1LMki7Jua5XBd7GE=.055d936e-0894-4d95-9eab-52d6f0921f01@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <OvgsFHHMK8elrse4NWJa1afM6CJLNQae_3y0MTfxLHY=.79381b1d-0787-47cf-a9bd-5ed262159b8d@github.com>
 <lM3npf2h8qUprHWp2V8q04nKHbk1LMki7Jua5XBd7GE=.055d936e-0894-4d95-9eab-52d6f0921f01@github.com>
Message-ID: <gUkHCaVm0O5srDbrMinP4nguCgcRth0revdgmts9RpA=.64355f26-c525-48a7-8de7-f9eb9748d2f7@github.com>

On Mon, 1 Dec 2025 10:46:37 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 17 additional commits since the last revision:
>> 
>>  - Merge remote-tracking branch 'upstream/master' into firstValueAsLong
>>  - Close connection after `Content-Length` read failure in `Http1Response`
>>  - Insert the redundant `Http3Stream` assert back
>>  - Introduce dangling `firstValueAsLong("content-length")` calls back
>>  - Document `Http1Response::ignoreBody`
>>  - Remove redundant `finally`
>>  - Use `-1` as default in `Http3ExchangeImpl`
>>  - Use `readStatusCode()` in `Http3Stream`
>>  - Replace `orElse(null)` with `Optional` usage
>>  - Address review remarks
>>  - ... and 7 more: https://git.openjdk.org/jdk/compare/1d684a33...02803082
>
> src/java.net.http/share/classes/jdk/internal/net/http/Http3Stream.java line 630:
> 
>> 628:              finalResponse = true;
>> 629:          } else {
>> 630:              assert responseCode >= 100 && responseCode <= 200 : "unexpected responseCode: " + responseCode;
> 
> Can we keep the assert?

Inserted back in b2074e3379f.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28431#discussion_r2588965325

From schernyshev at openjdk.org  Thu Dec  4 13:31:22 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Thu, 4 Dec 2025 13:31:22 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v6]
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <cRAqQzT83jkEiFke9oKVdt2gImvrkWYWHj53uXBl8SY=.e090067f-e2fd-4910-9ff9-34cf5ad4a350@github.com>

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:

  Apply suggestions from code review
  
  Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28577/files
  - new: https://git.openjdk.org/jdk/pull/28577/files/5c78ce2c..f1067afd

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=05
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=04-05

  Stats: 5 lines in 1 file changed: 0 ins; 3 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28577.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28577/head:pull/28577

PR: https://git.openjdk.org/jdk/pull/28577

From schernyshev at openjdk.org  Thu Dec  4 14:00:38 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Thu, 4 Dec 2025 14:00:38 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <nXnm1q0yP2LiNLSMs5edUmS1vuw_SDNoL67zcyMVJpU=.f0006fac-ecc5-4202-9eee-176efe7a8bb1@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
 <nXnm1q0yP2LiNLSMs5edUmS1vuw_SDNoL67zcyMVJpU=.f0006fac-ecc5-4202-9eee-176efe7a8bb1@github.com>
Message-ID: <k0vKWH8pL5K88SC36nVijXbvxgshORgKZU2sM19HeRU=.4334c80e-7899-4b91-82b5-1db331e184a1@github.com>

On Wed, 3 Dec 2025 08:45:54 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   test that ipv4 literals do not propagate to the server names list
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 140:
> 
>> 138: 
>> 139:         var sniSN = clientSSLSocket.getSSLParameters().getServerNames();
>> 140:         if( sniSN != null && !sniSN.isEmpty()) {
> 
> `if( sniSN` ? `if (sniSN`

Thanks, done.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2589190236

From schernyshev at openjdk.org  Thu Dec  4 14:00:32 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Thu, 4 Dec 2025 14:00:32 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v7]
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <6GTacCykz6WSOZCbU4CIJvHf4_dCG_j8FlsupgiC0uA=.83dbb600-11c8-48e8-8894-97c40c7d0c51@github.com>

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:

 - Apply suggestions from code review
   
   Co-authored-by: Volkan Yaz?c? <volkan.yazici at oracle.com>
 - addressed more review comments

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28577/files
  - new: https://git.openjdk.org/jdk/pull/28577/files/f1067afd..36c08741

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=06
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28577&range=05-06

  Stats: 737 lines in 2 files changed: 379 ins; 358 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28577.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28577/head:pull/28577

PR: https://git.openjdk.org/jdk/pull/28577

From schernyshev at openjdk.org  Thu Dec  4 14:00:35 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Thu, 4 Dec 2025 14:00:35 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <Q9Z0WlGT3DWGyHVL926TMf2SWa5lWVVUk2cCcKSh-8M=.37c97ae2-9823-4c44-888b-ac64ff4c0cd3@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
 <Q9Z0WlGT3DWGyHVL926TMf2SWa5lWVVUk2cCcKSh-8M=.37c97ae2-9823-4c44-888b-ac64ff4c0cd3@github.com>
Message-ID: <oOTmRyQZyF9UEygeVEpfzt9TVJaiGKL9tJHuHXxteck=.12ff3748-a4ce-4dc1-b863-f1a6704da62b@github.com>

On Wed, 3 Dec 2025 07:28:53 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   test that ipv4 literals do not propagate to the server names list
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java line 105:
> 
>> (failed to retrieve contents of file, check the PR for context)
> Now that you removed the Thread.sleep, you can't close the socket without reading the request off the input stream; it will cause intermittent connection reset failures on Windows. You can use the [readOneRequest method](https://github.com/openjdk/jdk/blob/530493fed4066b1efcf3ec22253b110495767eca/test/jdk/sun/net/www/http/HttpClient/CookieHttpClientTest.java#L77-L89).

Thanks @djelinski for spotting this. Added the method.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2589187574

From schernyshev at openjdk.org  Thu Dec  4 14:06:22 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Thu, 4 Dec 2025 14:06:22 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <nXnm1q0yP2LiNLSMs5edUmS1vuw_SDNoL67zcyMVJpU=.f0006fac-ecc5-4202-9eee-176efe7a8bb1@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
 <nXnm1q0yP2LiNLSMs5edUmS1vuw_SDNoL67zcyMVJpU=.f0006fac-ecc5-4202-9eee-176efe7a8bb1@github.com>
Message-ID: <4CtGYN_bElH3bVMVRPnBR9PW_az_0ejyvEyl5mxKWnI=.75cbd517-41fe-414f-aea3-a83a1548ee35@github.com>

On Wed, 3 Dec 2025 08:42:54 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Sergey Chernyshev has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   test that ipv4 literals do not propagate to the server names list
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIPv6.java line 31:
> 
>> 29:  * @library /test/lib
>> 30:  * @comment Insert -Djavax.net.debug=all into the following lines to enable SSL debugging
>> 31:  * @run main/othervm SubjectAltNameIPv6 127.0.0.1
> 
> Since we also test against IPv4, I'd remove the mention of IPv6 from the class name (e.g., `SubjectAltNameIP`) and `@summary`.

Thanks, done.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2589213316

From schernyshev at openjdk.org  Thu Dec  4 14:06:24 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Thu, 4 Dec 2025 14:06:24 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v5]
In-Reply-To: <YAPM5blxlyplQB-Fvc3zyL7X7vBi9VFvMxX74RQxJgc=.429028e6-ba15-4408-a555-a1d292c300fb@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <Zf9Ox7gLklZdixAutgvE4jW4Jait-Km7yDwGslH2BoY=.071e26f2-e68c-44c6-9a0d-2048e89915e5@github.com>
 <nXnm1q0yP2LiNLSMs5edUmS1vuw_SDNoL67zcyMVJpU=.f0006fac-ecc5-4202-9eee-176efe7a8bb1@github.com>
 <nDLXxbhBvgcWPG1viDVOrmzRoUDrQZE5uiZ5o_8tKMg=.eb1f168a-4e97-4c3f-8a5d-d872cc0fb044@github.com>
 <YAPM5blxlyplQB-Fvc3zyL7X7vBi9VFvMxX74RQxJgc=.429028e6-ba15-4408-a555-a1d292c300fb@github.com>
Message-ID: <prsRdjaVn-JxQnwx1DjphLfCnIEKUKss-Ys9BYyTrNg=.a61595b5-39c6-4f92-be70-2d423324d1c8@github.com>

On Wed, 3 Dec 2025 19:53:22 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> The method `doClientSide()` is called from constructor, the `clientSSLSocket` is non-static and was set to `null`. Therefore, it's the only assignment of clientSSLSocket per instance. Or do you mean the check must be in the the lambda-expr?
>
> I mean something like:
> 
> Suggestion:
> 
>                 sslSocket -> {
>                     assertNull(clientSSLSocket);
>                     clientSSLSocket = sslSocket;
>                 }));
> 
> 
> To avoid double-assignment and eventually causing verification of the wrong value.

I made `assertEquals` instead, otherwise it shows an incorrect message - it prints the left hand operand as "expected" value, which in the case of `assertNull` is in the right hand operand.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2589205237

From djelinski at openjdk.org  Thu Dec  4 15:29:37 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Thu, 4 Dec 2025 15:29:37 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v7]
In-Reply-To: <6GTacCykz6WSOZCbU4CIJvHf4_dCG_j8FlsupgiC0uA=.83dbb600-11c8-48e8-8894-97c40c7d0c51@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <6GTacCykz6WSOZCbU4CIJvHf4_dCG_j8FlsupgiC0uA=.83dbb600-11c8-48e8-8894-97c40c7d0c51@github.com>
Message-ID: <9kY0jI8q-onrT2gyc1z3Ldx9Iz1Y9TQwxObWhlMfHdI=.b7c542c3-568c-44f5-bedb-af8b0b48e98a@github.com>

On Thu, 4 Dec 2025 14:00:32 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Apply suggestions from code review
>    
>    Co-authored-by: Volkan Yaz?c? <volkan.yazici at oracle.com>
>  - addressed more review comments

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28577#pullrequestreview-3540588435

From smonteith at openjdk.org  Thu Dec  4 16:24:25 2025
From: smonteith at openjdk.org (Stuart Monteith)
Date: Thu, 4 Dec 2025 16:24:25 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
Message-ID: <Uagao4pRdbSEELHfvD4OyFwyhG8dVcCSqk3lkAbCeaQ=.c9c9aaa1-d740-4a59-aa90-49078d6051d6@github.com>

On Mon, 1 Dec 2025 11:59:38 GMT, Stuart Monteith <smonteith at openjdk.org> wrote:

> MemorySegments allocated from shared Arena from
> java.lang.foreign.Arena.ofShared() have their lifecycle controlled by jdk.internal.foreign.SharedSession. This class ensures that the MemorySegments can't be freed until after a thread has called Arena.close(). This is implemented using a counter that is atomically incremented when used, and decremented when not used, on every invocation of a downcall. While shared Arenas allow any thread to use it and to close it, this tracking has a cost when multiple threads are contended on it. This patch changes the implementation to use multiple counters to reduce contention. sun.nio.ch.IOUtil, java.nio.Buffer and sun.nio.ch.SimpleAsynchronousFileChannelImpl are modified as they have threads releasing the scope different from the ones that allocated them, so a ticket that tracks the counter has to be passed over.
> 
> The microbenchmark org.openjdk.bench.java.lang.foreign. CallOverheadConstant.panama_identity_memory_address_shared_3 was used to generate the following results. The scalability was checked on a number of platforms with the JMH parameter "-t" specifying the number of threads. Measurements are in ns/op .
> 
> The hardware are the Neoverse-N1, N2, V1 and V2, Intel Xeon 8375c and the AMD Epyc 9654.
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    30.88   |   32.15  |    33.54  |    32.82  |    27.46  |     8.45 |
> |   2    | 142.56    | 134.48  |   132.01 |    131.50 |    116.68   |   46.53 |
> |  4    |  310.18   |  282.75  |   287.59  |   271.82  |   251.88   |   86.11 |
> |  8    |  702.02   |  710.29  |   736.72  |   670.63  |   533.46   |  194.60 |
> |   16  |  1,436.17 |  1,684.80 |  1,833.69 |  1,782.78 |  1,100.15 |    827.28 |
> |  24  | 2,185.55 |  2,508.86 |  2,732.22 |  2,815.26 |  1,646.09 |  1,530.28  |
> |   32  | 2,942.48 |  3,432.84 |  3,643.64 |  3,782.23 |  2,236.81 |  2,278.52 |
> |   48  | 4,466.56 |  5,174.72 |  5,401.95 |  5,621.41 |  4,926.30  | 3,026.58 |
> 
> After:
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    32.41  |    32.11  |    34.43  |  31.32  |    27.94  |     9.82 |
> |    2  |    32.64  |    33.72  |    35.11  |  31.30  |    28.02  |     9.81 |
> |    4  |    32.71  |    36.84  |    34.67  |  31.35  |   28.12   |   10.49 |
> |    8  |    58.22  |    31.60  |    36.87  |  31.72  |    47.09  |...

I'll start a discussion soon on panama-dev. At the very least, this PR provides a point of discussion.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28575#issuecomment-3613061007

From dyama at openjdk.org  Thu Dec  4 16:27:16 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Thu, 4 Dec 2025 16:27:16 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some formatting
 cleanup
Message-ID: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>

Hello mainteners,

I cleaned up inconsistent spacing across the httpserver codebase.  

1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
2. Applied the same rule to function and constructor calls.
3. Normalised other spacing based on the majority style already used in the codebase.
4. Left spots untouched where keeping the spacing improves readability.

**This PR only adds or removes spaces. No functional changes.**

If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
I split the commits, so I can easily revert the one that touches the logic.

-------------

Commit messages:
 - Cleanup space formatting and indentation across multiple HTTP server files
 - Cleanup formatting and indentation in the document of HttpsConfigurator.java
 - 8372746: Cleanup formatting and indentation in package-info.java

Changes: https://git.openjdk.org/jdk/pull/28660/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8372746
  Stats: 677 lines in 30 files changed: 0 ins; 0 del; 677 mod
  Patch: https://git.openjdk.org/jdk/pull/28660.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28660/head:pull/28660

PR: https://git.openjdk.org/jdk/pull/28660

From mikael at openjdk.org  Fri Dec  5 01:42:56 2025
From: mikael at openjdk.org (Mikael Vidstedt)
Date: Fri, 5 Dec 2025 01:42:56 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup
In-Reply-To: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
Message-ID: <V-ffCS8z0gtQLOh7ut4AomaTzdQlPAlHqxoKIRipsnQ=.0db36722-92c4-4863-9adc-7801dfcd71d6@github.com>

On Thu, 4 Dec 2025 16:19:07 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

> Hello mainteners,
> 
> I cleaned up inconsistent spacing across the httpserver codebase.  
> 
> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
> 2. Applied the same rule to function and constructor calls.
> 3. Normalised other spacing based on the majority style already used in the codebase.
> 4. Left spots untouched where keeping the spacing improves readability.
> 
> **This PR only adds or removes spaces. No functional changes.**
> 
> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
> I split the commits, so I can easily revert the one that touches the logic.

src/jdk.httpserver/share/classes/com/sun/net/httpserver/package-info.java line 123:

> 121:         public void configure (HttpsParameters params) {
> 122: 
> 123:         // get the remote address if needed

Always hard to tell, but I _think_ the indentation of this whole block (the body of the `configure` method) is still off - all the lines 123-136 should be indented 4 more space?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2591122288

From duke at openjdk.org  Fri Dec  5 06:43:05 2025
From: duke at openjdk.org (Christoph =?UTF-8?B?TMOkdWJyaWNo?=)
Date: Fri, 5 Dec 2025 06:43:05 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v2]
In-Reply-To: <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
Message-ID: <q29VI2Hh95ZK2dsurWrbM8ufdAtM6QdEVUisd5QPERs=.a2f5d691-48cb-422b-8cb7-8d69c36b864a@github.com>

On Thu, 4 Dec 2025 10:50:53 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: HTTP/2 client should preserve error information from GOAWAY frames
>   
>   Extracts error code and debug data from GOAWAY frames with non-zero
>   error codes and includes them in exception messages. Streams above
>   lastStreamId are marked as unprocessed for retry; others fail with
>   the error details.

> * Modified `handleGoAway()` to check error code and route appropriately
> 
> * Added `handleGoAwayWithError()` method that:
>   
>   * Extracts error code and debug data from GOAWAY frame
>   * Creates meaningful error messages with error name, hex code, and debug data
>   * Properly categorizes streams for retry or failure

This looks quite similar to something I have proposed here:

- https://github.com/laeubi/java-http-client/issues/8

As mentioned there, I think having a generic Exception with a STRING(!) message is not really something useful. I would suggest to add an own exception type so the client code is able to extract further details in a semantic way.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3615517739

From vyazici at openjdk.org  Fri Dec  5 08:20:00 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 5 Dec 2025 08:20:00 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v7]
In-Reply-To: <6GTacCykz6WSOZCbU4CIJvHf4_dCG_j8FlsupgiC0uA=.83dbb600-11c8-48e8-8894-97c40c7d0c51@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <6GTacCykz6WSOZCbU4CIJvHf4_dCG_j8FlsupgiC0uA=.83dbb600-11c8-48e8-8894-97c40c7d0c51@github.com>
Message-ID: <xyxXpD-zMr94RebpEUjw3hoXOgYY0IoEYueq54Z57uU=.589322cf-7b1e-4b5c-b644-df6f00f89aa3@github.com>

On Thu, 4 Dec 2025 14:00:32 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Apply suggestions from code review
>    
>    Co-authored-by: Volkan Yaz?c? <volkan.yazici at oracle.com>
>  - addressed more review comments

Marked as reviewed by vyazici (Committer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28577#pullrequestreview-3543570009

From djelinski at openjdk.org  Fri Dec  5 09:51:56 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Fri, 5 Dec 2025 09:51:56 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v2]
In-Reply-To: <q29VI2Hh95ZK2dsurWrbM8ufdAtM6QdEVUisd5QPERs=.a2f5d691-48cb-422b-8cb7-8d69c36b864a@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
 <q29VI2Hh95ZK2dsurWrbM8ufdAtM6QdEVUisd5QPERs=.a2f5d691-48cb-422b-8cb7-8d69c36b864a@github.com>
Message-ID: <IHJLGv61x24HknUGATosgO0m_5ZVL1K7ywe_0yOgybY=.128e27aa-268b-4cb5-8f36-b1c514505319@github.com>

On Fri, 5 Dec 2025 06:40:44 GMT, Christoph L?ubrich <duke at openjdk.org> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8371903: HTTP/2 client should preserve error information from GOAWAY frames
>>   
>>   Extracts error code and debug data from GOAWAY frames with non-zero
>>   error codes and includes them in exception messages. Streams above
>>   lastStreamId are marked as unprocessed for retry; others fail with
>>   the error details.
>
>> * Modified `handleGoAway()` to check error code and route appropriately
>> 
>> * Added `handleGoAwayWithError()` method that:
>>   
>>   * Extracts error code and debug data from GOAWAY frame
>>   * Creates meaningful error messages with error name, hex code, and debug data
>>   * Properly categorizes streams for retry or failure
> 
> This looks quite similar to something I have proposed here:
> 
> - https://github.com/laeubi/java-http-client/issues/8
> 
> As mentioned there, I think having a generic Exception with a STRING(!) message is not really something useful. I would suggest to add an own exception type so the client code is able to extract further details in a semantic way.

Hi @laeubi, yes it's related to your report. The point of this PR is to bring HTTP2 on par with HTTP3, which throws an exception with a string message. Specialized exception can be handled as a future enhancement, but I'd like to see some evidence that it would be useful to users.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3616075477

From dyama at openjdk.org  Fri Dec  5 10:32:14 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Fri, 5 Dec 2025 10:32:14 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
Message-ID: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>

> Hello mainteners,
> 
> I cleaned up inconsistent spacing across the httpserver codebase.  
> 
> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
> 2. Applied the same rule to function and constructor calls.
> 3. Normalised other spacing based on the majority style already used in the codebase.
> 4. Left spots untouched where keeping the spacing improves readability.
> 
> **This PR only adds or removes spaces. No functional changes.**
> 
> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
> I split the commits, so I can easily revert the one that touches the logic.

Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:

  Fix wrong indentation in package-info.java

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28660/files
  - new: https://git.openjdk.org/jdk/pull/28660/files/4b2af821..48827e61

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=00-01

  Stats: 11 lines in 1 file changed: 0 ins; 0 del; 11 mod
  Patch: https://git.openjdk.org/jdk/pull/28660.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28660/head:pull/28660

PR: https://git.openjdk.org/jdk/pull/28660

From dyama at openjdk.org  Fri Dec  5 10:32:16 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Fri, 5 Dec 2025 10:32:16 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <V-ffCS8z0gtQLOh7ut4AomaTzdQlPAlHqxoKIRipsnQ=.0db36722-92c4-4863-9adc-7801dfcd71d6@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <V-ffCS8z0gtQLOh7ut4AomaTzdQlPAlHqxoKIRipsnQ=.0db36722-92c4-4863-9adc-7801dfcd71d6@github.com>
Message-ID: <2reUCoJ4VBM82F5adCi_KpAq4Vr8-ynzgqyOhGk0tc0=.fd3c85f0-067c-4625-b6d7-7998e8780bab@github.com>

On Fri, 5 Dec 2025 01:39:52 GMT, Mikael Vidstedt <mikael at openjdk.org> wrote:

>> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Fix wrong indentation in package-info.java
>
> src/jdk.httpserver/share/classes/com/sun/net/httpserver/package-info.java line 123:
> 
>> 121:         public void configure (HttpsParameters params) {
>> 122: 
>> 123:         // get the remote address if needed
> 
> Always hard to tell, but I _think_ the indentation of this whole block (the body of the `configure` method) is still off - all the lines 123-136 should be indented 4 more space?

Thanks for your reviewing.
I totally missed that.
I shifted the whole thing 4 spaces so it's consistent now.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2592176440

From mikael at openjdk.org  Fri Dec  5 18:22:58 2025
From: mikael at openjdk.org (Mikael Vidstedt)
Date: Fri, 5 Dec 2025 18:22:58 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
Message-ID: <CcrNcWUPgmUdgqY_Odry0VLnxWJXkLiyGvuY-bsdG9g=.bce68072-191e-4a4b-af8b-6dcc7892f35b@github.com>

On Fri, 5 Dec 2025 10:32:14 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix wrong indentation in package-info.java

Thank you for fixing this!

-------------

Marked as reviewed by mikael (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28660#pullrequestreview-3545868993

From mcimadamore at openjdk.org  Fri Dec  5 22:25:56 2025
From: mcimadamore at openjdk.org (Maurizio Cimadamore)
Date: Fri, 5 Dec 2025 22:25:56 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <Uagao4pRdbSEELHfvD4OyFwyhG8dVcCSqk3lkAbCeaQ=.c9c9aaa1-d740-4a59-aa90-49078d6051d6@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
 <Uagao4pRdbSEELHfvD4OyFwyhG8dVcCSqk3lkAbCeaQ=.c9c9aaa1-d740-4a59-aa90-49078d6051d6@github.com>
Message-ID: <tcRe3vpWOR3SEBw7JnShHNNiNVE8Bcc2r4tMlJGDpUo=.081671ae-b992-433f-9adf-09a8b0cac6d6@github.com>

On Thu, 4 Dec 2025 16:22:08 GMT, Stuart Monteith <smonteith at openjdk.org> wrote:

> I'll start a discussion soon on panama-dev. At the very least, this PR provides a point of discussion.

Thanks!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28575#issuecomment-3618818702

From duke at openjdk.org  Sat Dec  6 03:36:01 2025
From: duke at openjdk.org (duke)
Date: Sat, 6 Dec 2025 03:36:01 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
Message-ID: <Qn71nQTfuv5pswLCHLph98cfqAr1LrIVXubv0SrU_NU=.1f6f6c80-93c9-4ccb-8d6d-adfee41ab50f@github.com>

On Fri, 5 Dec 2025 10:32:14 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix wrong indentation in package-info.java

@PeyaPeyaPeyang 
Your change (at version 48827e6190ed13eb6e29755bba41cf7808e11784) is now ready to be sponsored by a Committer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3619408855

From duke at openjdk.org  Sat Dec  6 11:41:55 2025
From: duke at openjdk.org (EunHyunsu)
Date: Sat, 6 Dec 2025 11:41:55 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v2]
In-Reply-To: <IHJLGv61x24HknUGATosgO0m_5ZVL1K7ywe_0yOgybY=.128e27aa-268b-4cb5-8f36-b1c514505319@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
 <q29VI2Hh95ZK2dsurWrbM8ufdAtM6QdEVUisd5QPERs=.a2f5d691-48cb-422b-8cb7-8d69c36b864a@github.com>
 <IHJLGv61x24HknUGATosgO0m_5ZVL1K7ywe_0yOgybY=.128e27aa-268b-4cb5-8f36-b1c514505319@github.com>
Message-ID: <IcAhC8qFJW3GkIXjvNRtlC8xJkdsFTpUw7v_MBA684M=.1b7563f3-4765-416e-9dde-887ceaa4a21b@github.com>

On Fri, 5 Dec 2025 09:48:59 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>>> * Modified `handleGoAway()` to check error code and route appropriately
>>> 
>>> * Added `handleGoAwayWithError()` method that:
>>>   
>>>   * Extracts error code and debug data from GOAWAY frame
>>>   * Creates meaningful error messages with error name, hex code, and debug data
>>>   * Properly categorizes streams for retry or failure
>> 
>> This looks quite similar to something I have proposed here:
>> 
>> - https://github.com/laeubi/java-http-client/issues/8
>> 
>> As mentioned there, I think having a generic Exception with a STRING(!) message is not really something useful. I would suggest to add an own exception type so the client code is able to extract further details in a semantic way.
>
> Hi @laeubi, yes it's related to your report. The point of this PR is to bring HTTP2 on par with HTTP3, which throws an exception with a string message. Specialized exception can be handled as a future enhancement, but I'd like to see some evidence that it would be useful to users.

@djelinski Updated per your suggestions:
  - Switched to POST requests (only retried when unprocessed)
  - Sending all 3 requests at once to test race conditions
  - Dynamic lastStreamId based on first arriving request
  - Validates exactly 1 failure and 2 successes regardless of order

  Test now correctly verifies unprocessed stream retry behavior.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3620001709

From duke at openjdk.org  Sat Dec  6 12:33:38 2025
From: duke at openjdk.org (EunHyunsu)
Date: Sat, 6 Dec 2025 12:33:38 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v3]
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <zRleJHHEePZ8cvo_K0S0k0-v2OHd6sh32MVH6oLUUxk=.8a426817-9215-427a-aa7c-4062a0ec58dd@github.com>

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:

  8371903: HTTP/2 client should preserve error information from GOAWAY frames
  
  Extracts error code and debug data from GOAWAY frames with non-zero
  error codes and includes them in exception messages. Streams above
  lastProcessedStream are marked as unprocessed for retry; others fail
  with the error details.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28632/files
  - new: https://git.openjdk.org/jdk/pull/28632/files/93c14b3d..2b100424

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=01-02

  Stats: 59 lines in 2 files changed: 33 ins; 12 del; 14 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From duke at openjdk.org  Sat Dec  6 12:49:34 2025
From: duke at openjdk.org (EunHyunsu)
Date: Sat, 6 Dec 2025 12:49:34 GMT
Subject: RFR: 8328894: HttpResponse.body() returns null with https target
 and failed proxy authentication [v2]
In-Reply-To: <rZWs6dfytoglAKMHnuxy8KyV4MzsM67funSgAwQbDI8=.37a02dab-8f12-4cb2-89b5-c26bf81908a4@github.com>
References: <rZWs6dfytoglAKMHnuxy8KyV4MzsM67funSgAwQbDI8=.37a02dab-8f12-4cb2-89b5-c26bf81908a4@github.com>
Message-ID: <IkArQmBNveaatdh3Yqw-MpOGSihsbL5FMZPAtUA3ymY=.6e7566d0-199a-4809-9d96-160413033e49@github.com>

> ### Summary
>   This patch addresses the issue where `HttpResponse.body()` returns `null` for 407 responses when using HTTPS through a proxy, while HTTP requests correctly return the response body.
> 
>   ### Problem
>   When an HTTPS request receives a 407 Proxy Authentication Required response, the response body is discarded during CONNECT tunnel establishment. This is inconsistent with HTTP behavior where the body is properly returned.
> 
>   **Root cause:**
>   - HTTPS uses `MultiExchange<Void>` for CONNECT requests
>   - The body is explicitly ignored via `ignoreBody()` on 407 responses
>   - No mechanism exists to preserve the body for later retrieval
> 
>   ### Proposed Solution
>   I propose the following changes to preserve and return the 407 response body:
> 
>   1. **PlainTunnelingConnection.java**: Change `MultiExchange<Void>` to `MultiExchange<byte[]>` and read the body on 407 responses instead of ignoring it
> 
>   2. **ProxyAuthenticationRequired.java**: Add `proxyResponseBody` field to carry the body bytes through the exception
> 
>   3. **Exchange.java**: Cache both the proxy response and body, then return them when the application calls `body()`
> 
>   ### Testing
>   Added comprehensive test (`ProxyAuthHttpTest.java`) covering:
>   - Basic HTTP and HTTPS 407 responses
>   - Multiple `BodyHandler` types: `ofString()`, `ofByteArray()`, `ofInputStream()`, `ofLines()`
>   - Response headers validation
> 
>   **Test results**: 38/38 passed
> 
>   ### Notes
>   - This change only affects 407 responses; all other flows remain unchanged
>   - The cached body is cleared after first use to prevent reuse
>   - No changes to public APIs; internal implementation only
> 
>   I'd appreciate any feedback on this approach. If there's a better way to handle this, I'm happy to revise.

EunHyunsu has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:

 - fix whitespace issue
 - Merge branch 'master' into JDK-8328894
 - 8328894: Add test for 407 response body with various handlers
 - 8328894: Cache and return 407 response body to application
 - 8328894: Add proxyResponseBody field to preserve 407 body
 - 8328894: Read 407 response body in HTTPS CONNECT tunneling

-------------

Changes: https://git.openjdk.org/jdk/pull/28232/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28232&range=01
  Stats: 373 lines in 4 files changed: 302 ins; 8 del; 63 mod
  Patch: https://git.openjdk.org/jdk/pull/28232.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28232/head:pull/28232

PR: https://git.openjdk.org/jdk/pull/28232

From duke at openjdk.org  Sat Dec  6 13:02:56 2025
From: duke at openjdk.org (ExE Boss)
Date: Sat, 6 Dec 2025 13:02:56 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
Message-ID: <bRv8yWeVDg2jzpODllmKdUyYNv0gOncJMafGKRwAPk0=.06fdbd85-742c-4034-99cc-facc3ec753b6@github.com>

On Mon, 1 Dec 2025 11:59:38 GMT, Stuart Monteith <smonteith at openjdk.org> wrote:

> MemorySegments allocated from shared Arena from
> java.lang.foreign.Arena.ofShared() have their lifecycle controlled by jdk.internal.foreign.SharedSession. This class ensures that the MemorySegments can't be freed until after a thread has called Arena.close(). This is implemented using a counter that is atomically incremented when used, and decremented when not used, on every invocation of a downcall. While shared Arenas allow any thread to use it and to close it, this tracking has a cost when multiple threads are contended on it. This patch changes the implementation to use multiple counters to reduce contention. sun.nio.ch.IOUtil, java.nio.Buffer and sun.nio.ch.SimpleAsynchronousFileChannelImpl are modified as they have threads releasing the scope different from the ones that allocated them, so a ticket that tracks the counter has to be passed over.
> 
> The microbenchmark org.openjdk.bench.java.lang.foreign. CallOverheadConstant.panama_identity_memory_address_shared_3 was used to generate the following results. The scalability was checked on a number of platforms with the JMH parameter "-t" specifying the number of threads. Measurements are in ns/op .
> 
> The hardware are the Neoverse-N1, N2, V1 and V2, Intel Xeon 8375c and the AMD Epyc 9654.
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    30.88   |   32.15  |    33.54  |    32.82  |    27.46  |     8.45 |
> |   2    | 142.56    | 134.48  |   132.01 |    131.50 |    116.68   |   46.53 |
> |  4    |  310.18   |  282.75  |   287.59  |   271.82  |   251.88   |   86.11 |
> |  8    |  702.02   |  710.29  |   736.72  |   670.63  |   533.46   |  194.60 |
> |   16  |  1,436.17 |  1,684.80 |  1,833.69 |  1,782.78 |  1,100.15 |    827.28 |
> |  24  | 2,185.55 |  2,508.86 |  2,732.22 |  2,815.26 |  1,646.09 |  1,530.28  |
> |   32  | 2,942.48 |  3,432.84 |  3,643.64 |  3,782.23 |  2,236.81 |  2,278.52 |
> |   48  | 4,466.56 |  5,174.72 |  5,401.95 |  5,621.41 |  4,926.30  | 3,026.58 |
> 
> After:
> 
> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
> |---------|-------|-------|-------|-------|-------|-------|
> |    1  |    32.41  |    32.11  |    34.43  |  31.32  |    27.94  |     9.82 |
> |    2  |    32.64  |    33.72  |    35.11  |  31.30  |    28.02  |     9.81 |
> |    4  |    32.71  |    36.84  |    34.67  |  31.35  |   28.12   |   10.49 |
> |    8  |    58.22  |    31.60  |    36.87  |  31.72  |    47.09  |...

src/java.base/share/classes/jdk/internal/foreign/SharedSession.java line 89:

> 87:     @ForceInline
> 88:     private int getCounter() {
> 89:         return Thread.currentThread().hashCode() & mask;

Maybe use?[`System?::identityHashCode`] here?instead, as?the?`hashCode()`?method of?a?`Thread` can?be?overridden by?subclasses.
Suggestion:

        return System.identityHashCode(Thread.currentThread()) & mask;


[`System?::identityHashCode`]: https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/lang/System.html#identityHashCode%28java.lang.Object%29

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28575#discussion_r2594828923

From d.yamazaki at peya.tokyo  Sun Dec  7 18:23:53 2025
From: d.yamazaki at peya.tokyo (Daisuke Yamazaki)
Date: Mon, 08 Dec 2025 03:23:53 +0900
Subject: jtreg test comments: /* vs /** usage
Message-ID: <19afa0e5181.26cbbd8791536.7686578147937895807@peya.tokyo>

Hello all,

I noticed that in most jtreg tests, the standard block comment `/* ... */` is 
used for the test directives.
This is also what official jtreg documentation shows.

However, in some older tests[1], for example QUIC-related tests[2], 
I see`/** ... */` being used instead of `/* ... */`.

Is there any specific reason for using JavaDoc-style comments (`/** ... */`) in 
these tests?
Are there cases where `/**` beginning is preferred over the regular block 
comment for jtreg directives?

If there is a need to standardise this style, I can file a bug to track it.

Thanks for any clarification.

Best regards,
D. Yamazaki

[1]: https://github.com/openjdk/jdk/blob/master/test/jdk/java/net/httpclient/Http1ChunkedTest.java#L40-L46
[2]: https://github.com/openjdk/jdk/blob/master/test/jdk/java/net/httpclient/quic/AckElicitingTest.java#L86-L93

From jpai at openjdk.org  Mon Dec  8 06:58:05 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 8 Dec 2025 06:58:05 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
Message-ID: <JBYueEciL7c2xVlTLI0box8BC4lh9X3hcZbPRaWLdrM=.6f78801a-b4f4-4001-8dde-bb3fcd2af384@github.com>

On Fri, 5 Dec 2025 10:32:14 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix wrong indentation in package-info.java

src/jdk.httpserver/share/classes/sun/net/httpserver/ChunkedOutputStream.java line 77:

> 75:     }
> 76: 
> 77:     public void write(byte[]b, int off, int len) throws IOException {

Hello @PeyaPeyaPeyang, this is pre-existing but it will be good to leave a space between `byte[]` and `b`. I'm slightly surprised that `byte[]b` compiles without any error.

src/jdk.httpserver/share/classes/sun/net/httpserver/ChunkedOutputStream.java line 87:

> 85:         int remain = CHUNK_SIZE - count;
> 86:         if (len > remain) {
> 87:             System.arraycopy(b,off,buf,pos,remain);

And here too.

src/jdk.httpserver/share/classes/sun/net/httpserver/ChunkedOutputStream.java line 93:

> 91:             off += remain;
> 92:             while (len >= CHUNK_SIZE) {
> 93:                 System.arraycopy(b,off,buf,OFFSET,CHUNK_SIZE);

Same here, please add a space after each of those commas.

src/jdk.httpserver/share/classes/sun/net/httpserver/ChunkedOutputStream.java line 101:

> 99:         }
> 100:         if (len > 0) {
> 101:             System.arraycopy(b,off,buf,pos,len);

Since we are touching this code, adding a space after each of those commas will be good.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597249161
PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597253131
PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597252203
PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597251071

From jpai at openjdk.org  Mon Dec  8 07:06:00 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 8 Dec 2025 07:06:00 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
Message-ID: <ZqKFdj3u_wrCDgxX-QWZOAwnVBmoKyeWkIMk-J73R6Q=.24336c4d-8bdc-4690-865c-f645c70bd8d9@github.com>

On Fri, 5 Dec 2025 10:32:14 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix wrong indentation in package-info.java

src/jdk.httpserver/share/classes/sun/net/httpserver/ExchangeImpl.java line 344:

> 342:     }
> 343: 
> 344:     public InetSocketAddress getRemoteAddress(){

Please add a space between `()` and `{`

src/jdk.httpserver/share/classes/sun/net/httpserver/ExchangeImpl.java line 351:

> 349:     }
> 350: 
> 351:     public InetSocketAddress getLocalAddress(){

Here and for `getProtocol()` method too, please add a space between `()` and `{`.

src/jdk.httpserver/share/classes/sun/net/httpserver/FixedLengthInputStream.java line 50:

> 48:     }
> 49: 
> 50:     protected int readImpl(byte[]b, int off, int len) throws IOException {

Please add a space between `byte[]` and `b`

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597266083
PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597269866
PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597272666

From alan.bateman at oracle.com  Mon Dec  8 07:06:06 2025
From: alan.bateman at oracle.com (Alan Bateman)
Date: Mon, 8 Dec 2025 07:06:06 +0000
Subject: jtreg test comments: /* vs /** usage
In-Reply-To: <19afa0e5181.26cbbd8791536.7686578147937895807@peya.tokyo>
References: <19afa0e5181.26cbbd8791536.7686578147937895807@peya.tokyo>
Message-ID: <6a852723-cc09-4956-aea3-63933f268817@oracle.com>

On 07/12/2025 18:23, Daisuke Yamazaki wrote:
> Hello all,
>
> I noticed that in most jtreg tests, the standard block comment `/* ... */` is
> used for the test directives.
> This is also what official jtreg documentation shows.
>
> However, in some older tests[1], for example QUIC-related tests[2],
> I see`/** ... */` being used instead of `/* ... */`.
>
> Is there any specific reason for using JavaDoc-style comments (`/** ... */`) in
> these tests?
> Are there cases where `/**` beginning is preferred over the regular block
> comment for jtreg directives?
>
jtreg (via the JT harness) looks for @test as the first token in /* .. 
*/ comments and doc comments /** .. */.? The examples in the tag spec 
[1] use traditional comments but the test suites in openjdk/jdk have a 
mix. I don't recall any discussion about making this a style issue and 
trying to be consistent.

-Alan

[1] https://openjdk.org/jtreg/tag-spec.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/net-dev/attachments/20251208/b1a62016/attachment.htm>

From jpai at openjdk.org  Mon Dec  8 07:08:58 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 8 Dec 2025 07:08:58 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
Message-ID: <c8UWWHb5GyfaS_TGjeiXPV0Uj8esd52qU_tWKYa01RQ=.608b9db1-5759-46dc-929d-366cc73b301c@github.com>

On Fri, 5 Dec 2025 10:32:14 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix wrong indentation in package-info.java

src/jdk.httpserver/share/classes/sun/net/httpserver/HttpExchangeImpl.java line 88:

> 86:     }
> 87: 
> 88:     public InetSocketAddress getRemoteAddress(){

Please add a space between `()` and `{` for this and a few other methods that have been updated.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597283779

From jpai at openjdk.org  Mon Dec  8 07:12:59 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 8 Dec 2025 07:12:59 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
Message-ID: <wJQ-pMpY3v18PhuZz_KG4HIDtIny8Lk90-wUdBOXfWY=.cf61b85d-ebe5-42cc-b2fa-ed3902d7862c@github.com>

On Fri, 5 Dec 2025 10:32:14 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix wrong indentation in package-info.java

src/jdk.httpserver/share/classes/sun/net/httpserver/LeftOverInputStream.java line 82:

> 80:     }
> 81: 
> 82:     protected abstract int readImpl(byte[]b, int off, int len) throws IOException;

Here too, please add a space between `byte[]` and `b`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597293226

From jpai at openjdk.org  Mon Dec  8 07:26:01 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 8 Dec 2025 07:26:01 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
Message-ID: <nOZc5zfmMl9LpLKPkLIUlg8uJZBxJMjcZ-Lo8yGmIQU=.66477121-9978-4e04-870b-d998a81cdcac@github.com>

On Fri, 5 Dec 2025 10:32:14 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix wrong indentation in package-info.java

src/jdk.httpserver/share/classes/sun/net/httpserver/UndefLengthOutputStream.java line 55:

> 53:     }
> 54: 
> 55:     public void write(byte[]b, int off, int len) throws IOException {

Here too, please add a space between `byte[]` and `b`

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2597323187

From jpai at openjdk.org  Mon Dec  8 07:34:59 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 8 Dec 2025 07:34:59 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
Message-ID: <8fJuxM9nQEkjDXh-YRutchcGPSOCm7vxstrh5DtwS0g=.cc4493fb-7188-4e88-a9f2-5c1c9f2617a6@github.com>

On Fri, 5 Dec 2025 10:32:14 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix wrong indentation in package-info.java

Several of these updated files will need a copyright year update. For example, in Authenticator.java, please update `2006, 2023,` to `2006, 2025,` and in DefaultHttpServerProvider.java change `2005,` to `2005, 2025,`. Please update the other updated files accordingly.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3625391143

From duke at openjdk.org  Mon Dec  8 08:59:05 2025
From: duke at openjdk.org (duke)
Date: Mon, 8 Dec 2025 08:59:05 GMT
Subject: RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due
 to IllegalArgumentException [v7]
In-Reply-To: <6GTacCykz6WSOZCbU4CIJvHf4_dCG_j8FlsupgiC0uA=.83dbb600-11c8-48e8-8894-97c40c7d0c51@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
 <6GTacCykz6WSOZCbU4CIJvHf4_dCG_j8FlsupgiC0uA=.83dbb600-11c8-48e8-8894-97c40c7d0c51@github.com>
Message-ID: <1Oip5LrpmmUvTsF5yI4lmafLChzYR-hr_GHizRvwoB8=.8cc35b0c-8475-4be9-84f2-ce2ec99c4f80@github.com>

On Thu, 4 Dec 2025 14:00:32 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

>> Hi all,
>> 
>> Let me propose a fix and a test case for JDK-8369950.
>> 
>> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
>> 
>> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
>> 
>> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
>> 
>> SNIHostName, as defined in
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
>> 
>> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
>> 
>> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
>> 
>> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
>> 
>> Testing:
>> - standard jtreg tests goups showed no regressions
>> - the new test passes with the fix and fails otherwise
>> - passes also with BCJSSE in FIPS and standard mode 
>> 
>> <details><summary> BCJSSE standard</summary>
>> 
>> 
>> STDOUT:
>> STDERR:
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
>> INFORMATION: Found boolean security property [keystore.type.compat]: true
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
>> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
>> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
>> WARNUNG: Ignoring unsupported entry in 'jdk.tl...
>
> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Apply suggestions from code review
>    
>    Co-authored-by: Volkan Yaz?c? <volkan.yazici at oracle.com>
>  - addressed more review comments

@sercher 
Your change (at version 36c08741cc1f4100f62517cd91505565712bbec8) is now ready to be sponsored by a Committer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28577#issuecomment-3625753105

From schernyshev at openjdk.org  Mon Dec  8 09:09:29 2025
From: schernyshev at openjdk.org (Sergey Chernyshev)
Date: Mon, 8 Dec 2025 09:09:29 GMT
Subject: Integrated: 8369950: TLS connection to IPv6 address fails with BCJSSE
 due to IllegalArgumentException
In-Reply-To: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
References: <SMoO6E3_oNfEqUTljjfqO-OhsRRODm36Jkpp7nz774Q=.299fa39b-4c4a-4c3f-948d-715f1e55a1f8@github.com>
Message-ID: <IL0l2K3Z-EG0so6lWLzMh-ScPd2INNG5hs50merhcow=.0e1729b7-6afe-4139-b109-00631ed4bd41@github.com>

On Mon, 1 Dec 2025 14:12:04 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:

> Hi all,
> 
> Let me propose a fix and a test case for JDK-8369950.
> 
> The failure reproduces with BCJSSE provider and all implementations of SSLSocket other than SSLSocketImpl.
> 
> In the test case an anonymous wrapper is used, over the standard SSLSocketImpl, to simulate an external JSSE provider. The test case shows the same behavior as in BCJSSE (failure due to non-LDH ASCII characters in the SNI host name).
> 
> The fix avoids constructing SNIHostName when the URL host name is an IPv4 or IPv6 literal address. Other than that, all other FQDN host names that have invalid characters (non-LDH ASCII characters) still produce that exception.
> 
> SNIHostName, as defined in
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/javax/net/ssl/SNIHostName.java#L44-L66
> 
> has the fully qualified DNS hostname of the server. As follows from the section 3, "Server Name Indication", RFC 6066, `Literal IPv4 and IPv6 addresses are not permitted in "HostName"`.
> 
> The fix mirrors the behavior of SSLSocketImpl, that avoids constructing the SNIHostName from literal addresses. Please see
> 
> https://github.com/openjdk/jdk/blob/873f8a696fa45c7d94a164be20cf3c797ce7f2a6/src/java.base/share/classes/sun/security/ssl/Utilities.java#L110-L116
> 
> Testing:
> - standard jtreg tests goups showed no regressions
> - the new test passes with the fix and fails otherwise
> - passes also with BCJSSE in FIPS and standard mode 
> 
> <details><summary> BCJSSE standard</summary>
> 
> 
> STDOUT:
> STDERR:
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
> INFORMATION: Found boolean security property [keystore.type.compat]: true
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
> INFORMATION: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': rsa_pkcs1_sha1 usage HandshakeSignature
> Dez. 01, 2025 2:44:02 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
> WARNUNG: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': ecdsa_sha1 usage HandshakeSignature
> Dez. 01, 2025 2...

This pull request has now been integrated.

Changeset: 7da91533
Author:    Sergey Chernyshev <schernyshev at openjdk.org>
Committer: Volkan Yazici <vyazici at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/7da91533aaf2033cedee6e2a56fb693f26909df5
Stats:     388 lines in 2 files changed: 386 ins; 0 del; 2 mod

8369950: TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException

Co-authored-by: Mikhail Yankelevich <myankelevich at openjdk.org>
Reviewed-by: djelinski, vyazici, dfuchs, myankelevich

-------------

PR: https://git.openjdk.org/jdk/pull/28577

From michaelm at openjdk.org  Mon Dec  8 11:31:03 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Mon, 8 Dec 2025 11:31:03 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
Message-ID: <foJOqg7DGl8VpDSv2zNdLSIJUFp1tbW3Zok3hX2IrZc=.f59b7d3e-449a-42ad-934e-54d09b52785e@github.com>

On Fri, 5 Dec 2025 10:32:14 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix wrong indentation in package-info.java

src/jdk.httpserver/share/classes/com/sun/net/httpserver/package-info.java line 137:

> 135:            // statement above could throw IAE if any params invalid.
> 136:            // eg. if app has a UI and parameters supplied by a user.
> 137: 

Suggestion:


Suggestion is to delete the blank line

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2598240195

From djelinski at openjdk.org  Mon Dec  8 11:53:12 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 8 Dec 2025 11:53:12 GMT
Subject: RFR: 8372731: Detailed authentication failure messages
Message-ID: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>

Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.

The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.

This PR adds the original exception as the cause of the "Authentication failure" exception.

The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.

Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.

-------------

Commit messages:
 - Add test
 - Propagate low-level errors
 - Detailed authentication exceptions

Changes: https://git.openjdk.org/jdk/pull/28601/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28601&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8372731
  Stats: 302 lines in 10 files changed: 217 ins; 27 del; 58 mod
  Patch: https://git.openjdk.org/jdk/pull/28601.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28601/head:pull/28601

PR: https://git.openjdk.org/jdk/pull/28601

From dyama at openjdk.org  Mon Dec  8 12:05:20 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Mon, 8 Dec 2025 12:05:20 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v3]
In-Reply-To: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
Message-ID: <D-qZ2yGoUePMR2LnN8he5_jtmntM3Fh83Ke4LXzUHpg=.a22bbec8-513e-4469-89ae-1afb74253ecb@github.com>

> Hello mainteners,
> 
> I cleaned up inconsistent spacing across the httpserver codebase.  
> 
> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
> 2. Applied the same rule to function and constructor calls.
> 3. Normalised other spacing based on the majority style already used in the codebase.
> 4. Left spots untouched where keeping the spacing improves readability.
> 
> **This PR only adds or removes spaces. No functional changes.**
> 
> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
> I split the commits, so I can easily revert the one that touches the logic.

Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:

  Cleanup formatting and indentation in multiple classes

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28660/files
  - new: https://git.openjdk.org/jdk/pull/28660/files/48827e61..9b7a5dd3

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=01-02

  Stats: 53 lines in 21 files changed: 0 ins; 1 del; 52 mod
  Patch: https://git.openjdk.org/jdk/pull/28660.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28660/head:pull/28660

PR: https://git.openjdk.org/jdk/pull/28660

From dyama at openjdk.org  Mon Dec  8 12:05:21 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Mon, 8 Dec 2025 12:05:21 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v2]
In-Reply-To: <8fJuxM9nQEkjDXh-YRutchcGPSOCm7vxstrh5DtwS0g=.cc4493fb-7188-4e88-a9f2-5c1c9f2617a6@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <8MMOVpy5USrWhTG9iwHqYUFpuflep-hiQM293QGddOA=.5edab3f5-7cf7-4639-8f55-cb1332ccad05@github.com>
 <8fJuxM9nQEkjDXh-YRutchcGPSOCm7vxstrh5DtwS0g=.cc4493fb-7188-4e88-a9f2-5c1c9f2617a6@github.com>
Message-ID: <ppVkGG_GprVQJa6gDOBpct4VsS0kvM3noqQEKvTSgBY=.63b9afce-d65e-477d-a33c-16e6303fa4af@github.com>

On Mon, 8 Dec 2025 07:32:24 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Fix wrong indentation in package-info.java
>
> Several of these updated files will need a copyright year update. For example, in Authenticator.java, please update `2006, 2023,` to `2006, 2025,` and in DefaultHttpServerProvider.java change `2005,` to `2005, 2025,`. Please update the other updated files accordingly.

Hi @jaikiran and @Michael-Mc-Mahon,

Thanks for your reviews.
I cleaned up the spacing tweaks you pointed out.

> Several of these updated files will need a copyright year update.
> ...
> Please update the other updated files accordingly.

Since there are quite a lot of files, I'm working on updating them now.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3626565105

From dfuchs at openjdk.org  Mon Dec  8 16:25:30 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 8 Dec 2025 16:25:30 GMT
Subject: RFR: 8372731: Detailed authentication failure messages
In-Reply-To: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
Message-ID: <0hYt8KcHrUjYOWcDQSzbiJS4iNxs_YglICs-CqJmiJ0=.4dc9aa0f-9168-4c8d-bbd8-20a6c9f0ba97@github.com>

On Tue, 2 Dec 2025 11:39:23 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
> 
> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
> 
> This PR adds the original exception as the cause of the "Authentication failure" exception.
> 
> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
> 
> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.

Since more than NTLM authentication has been improved, should we test the other authentications too?

test/jdk/sun/net/www/protocol/http/NTLMFailTest.java line 77:

> 75:             HttpURLConnection uc = (HttpURLConnection) url.openConnection();
> 76:             uc.setRequestMethod("HEAD");
> 77:             uc.getInputStream().readAllBytes();

IIUC we're expecting this line to always throw IOException.
Should we throw an assertion error just after line 77 in case the expected IO is not thrown?

-------------

PR Review: https://git.openjdk.org/jdk/pull/28601#pullrequestreview-3552908556
PR Review Comment: https://git.openjdk.org/jdk/pull/28601#discussion_r2599262750

From djelinski at openjdk.org  Mon Dec  8 16:46:02 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 8 Dec 2025 16:46:02 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v3]
In-Reply-To: <zRleJHHEePZ8cvo_K0S0k0-v2OHd6sh32MVH6oLUUxk=.8a426817-9215-427a-aa7c-4062a0ec58dd@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <zRleJHHEePZ8cvo_K0S0k0-v2OHd6sh32MVH6oLUUxk=.8a426817-9215-427a-aa7c-4062a0ec58dd@github.com>
Message-ID: <vlgW72Zw00KXXf0MyxW6lEuqJpf5EGTdKFUiOXpsg1Y=.c63e4e90-e72b-4d06-889f-d24a5edcf085@github.com>

On Sat, 6 Dec 2025 12:33:38 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: HTTP/2 client should preserve error information from GOAWAY frames
>   
>   Extracts error code and debug data from GOAWAY frames with non-zero
>   error codes and includes them in exception messages. Streams above
>   lastProcessedStream are marked as unprocessed for retry; others fail
>   with the error details.

Ok, it looks pretty decent now, but the test is failing intermittently, complaining about connection reset or "EOF reached while reading". This happens sometimes when the server closes a socket while the client is writing to it. Can you stabilize the test?

-------------

PR Review: https://git.openjdk.org/jdk/pull/28632#pullrequestreview-3553017565

From daniel.fuchs at oracle.com  Mon Dec  8 16:51:22 2025
From: daniel.fuchs at oracle.com (Daniel Fuchs)
Date: Mon, 8 Dec 2025 16:51:22 +0000
Subject: jtreg test comments: /* vs /** usage
In-Reply-To: <6a852723-cc09-4956-aea3-63933f268817@oracle.com>
References: <19afa0e5181.26cbbd8791536.7686578147937895807@peya.tokyo>
 <6a852723-cc09-4956-aea3-63933f268817@oracle.com>
Message-ID: <385378f4-ae70-4d4c-a10a-8ebfa546557b@oracle.com>

Hi Daisuke,

Generally regular /* */ comments would be preferred nowadays,
but bad habits die hard ;-(
I might have been responsible for a few of the now discouraged
javadoc /** */ style.

best regards,

-- daniel

On 08/12/2025 07:06, Alan Bateman wrote:
> On 07/12/2025 18:23, Daisuke Yamazaki wrote:
>> Hello all,
>>
>> I noticed that in most jtreg tests, the standard block comment `/* ... */` is
>> used for the test directives.
>> This is also what official jtreg documentation shows.
>>
>> However, in some older tests[1], for example QUIC-related tests[2],
>> I see`/** ... */` being used instead of `/* ... */`.
>>
>> Is there any specific reason for using JavaDoc-style comments (`/** ... */`) in
>> these tests?
>> Are there cases where `/**` beginning is preferred over the regular block
>> comment for jtreg directives?
>>
> jtreg (via the JT harness) looks for @test as the first token in /* .. 
> */ comments and doc comments /** .. */.? The examples in the tag spec 
> [1] use traditional comments but the test suites in openjdk/jdk have a 
> mix. I don't recall any discussion about making this a style issue and 
> trying to be consistent.
> 
> -Alan
> 
> [1] https://openjdk.org/jtreg/tag-spec.html


From djelinski at openjdk.org  Mon Dec  8 17:31:37 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 8 Dec 2025 17:31:37 GMT
Subject: RFR: 8372731: Detailed authentication failure messages
In-Reply-To: <0hYt8KcHrUjYOWcDQSzbiJS4iNxs_YglICs-CqJmiJ0=.4dc9aa0f-9168-4c8d-bbd8-20a6c9f0ba97@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
 <0hYt8KcHrUjYOWcDQSzbiJS4iNxs_YglICs-CqJmiJ0=.4dc9aa0f-9168-4c8d-bbd8-20a6c9f0ba97@github.com>
Message-ID: <qvW7lwvxWSoNJ6qpowzKlEXEbOonXwHSdxq1CgUKMSY=.3949db1a-5b9d-427c-b9f6-34d5b30bfb13@github.com>

On Mon, 8 Dec 2025 16:23:00 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
>> 
>> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
>> 
>> This PR adds the original exception as the cause of the "Authentication failure" exception.
>> 
>> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
>> 
>> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.
>
> Since more than NTLM authentication has been improved, should we test the other authentications too?

Thanks @dfuch for the review.

NTLM was the only authentication scheme where testing this was reasonably easy:
- Basic doesn't throw exceptions,
- Digest always suppresses the exceptions and relays the 401/407 response to the user,
- I couldn't find any Kerberos / Negotiate tests I could adapt.

I'll add the suggested assertion.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28601#issuecomment-3628177440

From djelinski at openjdk.org  Mon Dec  8 19:25:23 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 8 Dec 2025 19:25:23 GMT
Subject: RFR: 8372731: Detailed authentication failure messages [v2]
In-Reply-To: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
Message-ID: <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>

> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
> 
> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
> 
> This PR adds the original exception as the cause of the "Authentication failure" exception.
> 
> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
> 
> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.

Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:

  Fail test if no exception is thrown

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28601/files
  - new: https://git.openjdk.org/jdk/pull/28601/files/9fe45ac8..b22e8108

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28601&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28601&range=00-01

  Stats: 1 line in 1 file changed: 1 ins; 0 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28601.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28601/head:pull/28601

PR: https://git.openjdk.org/jdk/pull/28601

From dfuchs at openjdk.org  Mon Dec  8 19:37:57 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 8 Dec 2025 19:37:57 GMT
Subject: RFR: 8372731: Detailed authentication failure messages [v2]
In-Reply-To: <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
 <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
Message-ID: <OZwh-u6BzbtMqqrT0BXkPctdPbuj6OBTJF1Ty7uSCno=.f9b46979-4819-4cb3-ab28-d0a5a8da52a4@github.com>

On Mon, 8 Dec 2025 19:25:23 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
>> 
>> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
>> 
>> This PR adds the original exception as the cause of the "Authentication failure" exception.
>> 
>> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
>> 
>> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.
>
> Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fail test if no exception is thrown

@wangweij would you mind having a look? I know you have some expertise in this area too.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28601#issuecomment-3628700368

From weijun at openjdk.org  Mon Dec  8 21:59:59 2025
From: weijun at openjdk.org (Weijun Wang)
Date: Mon, 8 Dec 2025 21:59:59 GMT
Subject: RFR: 8372731: Detailed authentication failure messages [v2]
In-Reply-To: <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
 <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
Message-ID: <_pWQ2LlISk_N3ykdDiXnq5bJ1Fof6pQ353mMO9cPSko=.cdffbea2-43c5-43c0-a6aa-63adb983e28c@github.com>

On Mon, 8 Dec 2025 19:25:23 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
>> 
>> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
>> 
>> This PR adds the original exception as the cause of the "Authentication failure" exception.
>> 
>> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
>> 
>> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.
>
> Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fail test if no exception is thrown

Any idea why `getHeaderValue` is not updated the same way? There are several places where the return value is set into a request. I have no memory of the details but it makes me feel uneasy.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28601#issuecomment-3629165171

From djelinski at openjdk.org  Tue Dec  9 07:50:56 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 9 Dec 2025 07:50:56 GMT
Subject: RFR: 8372731: Detailed authentication failure messages [v2]
In-Reply-To: <_pWQ2LlISk_N3ykdDiXnq5bJ1Fof6pQ353mMO9cPSko=.cdffbea2-43c5-43c0-a6aa-63adb983e28c@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
 <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
 <_pWQ2LlISk_N3ykdDiXnq5bJ1Fof6pQ353mMO9cPSko=.cdffbea2-43c5-43c0-a6aa-63adb983e28c@github.com>
Message-ID: <s5zTtI9Arym53pmymj8N1c_zI6MJXUznC6r-pyeO4UE=.803d96c9-0622-4b05-82ed-3b229a19544d@github.com>

On Mon, 8 Dec 2025 21:56:57 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Fail test if no exception is thrown
>
> Any reason why `getHeaderValue` is not updated the same way? There are several places where the return value is set into a request. I have no memory of the details but it makes me feel uneasy.

Thanks @wangweij for the review. I didn't want to modify any of the existing URLConnection behaviors, and authentication schemes that use `getHeaderValue` do not throw when the function fails. The schemes that use `setHeaders` were already throwing exceptions to user code sometimes, and I augmented these exceptions with additional information.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28601#issuecomment-3630834374

From michaelm at openjdk.org  Tue Dec  9 08:23:01 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Tue, 9 Dec 2025 08:23:01 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v3]
In-Reply-To: <D-qZ2yGoUePMR2LnN8he5_jtmntM3Fh83Ke4LXzUHpg=.a22bbec8-513e-4469-89ae-1afb74253ecb@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <D-qZ2yGoUePMR2LnN8he5_jtmntM3Fh83Ke4LXzUHpg=.a22bbec8-513e-4469-89ae-1afb74253ecb@github.com>
Message-ID: <MysgSViGYOrXJl0OJ8e5hEu9pTkez5OFcOvgj_DE3zY=.df201533-4354-4997-af7b-a267af9cdf8e@github.com>

On Mon, 8 Dec 2025 12:05:20 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Cleanup formatting and indentation in multiple classes

Marked as reviewed by michaelm (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28660#pullrequestreview-3556053672

From djelinski at openjdk.org  Tue Dec  9 11:19:26 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 9 Dec 2025 11:19:26 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v3]
In-Reply-To: <D-qZ2yGoUePMR2LnN8he5_jtmntM3Fh83Ke4LXzUHpg=.a22bbec8-513e-4469-89ae-1afb74253ecb@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <D-qZ2yGoUePMR2LnN8he5_jtmntM3Fh83Ke4LXzUHpg=.a22bbec8-513e-4469-89ae-1afb74253ecb@github.com>
Message-ID: <IEG-6BCc52aT_ZPr5mGDXbXfitl2UBz9Yl--jTsjSoU=.ac2fe871-62db-479d-a1ec-7a6e783887b7@github.com>

On Mon, 8 Dec 2025 12:05:20 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Cleanup formatting and indentation in multiple classes

src/jdk.httpserver/share/classes/sun/net/httpserver/ExchangeImpl.java line 190:

> 188:          *
> 189:          * if (!sentHeaders) {
> 190:          *    throw new IllegalStateException "headers not sent");

Suggestion:

         *    throw new IllegalStateException("headers not sent");

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28660#discussion_r2602205354

From dyama at openjdk.org  Tue Dec  9 11:30:51 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Tue, 9 Dec 2025 11:30:51 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v4]
In-Reply-To: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
Message-ID: <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>

> Hello mainteners,
> 
> I cleaned up inconsistent spacing across the httpserver codebase.  
> 
> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
> 2. Applied the same rule to function and constructor calls.
> 3. Normalised other spacing based on the majority style already used in the codebase.
> 4. Left spots untouched where keeping the spacing improves readability.
> 
> **This PR only adds or removes spaces. No functional changes.**
> 
> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
> I split the commits, so I can easily revert the one that touches the logic.

Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:

  Add a missing parenthesis
  
  Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28660/files
  - new: https://git.openjdk.org/jdk/pull/28660/files/9b7a5dd3..f4888a4f

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=02-03

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28660.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28660/head:pull/28660

PR: https://git.openjdk.org/jdk/pull/28660

From djelinski at openjdk.org  Tue Dec  9 14:01:08 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 9 Dec 2025 14:01:08 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v4]
In-Reply-To: <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>
Message-ID: <U6rJGT5Wi72QEH6ulzMEKPFyv5x8iS5RN1nyzwQfHj8=.09c5e4b2-c66f-4dcf-a1b0-74b92b0ea044@github.com>

On Tue, 9 Dec 2025 11:30:51 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add a missing parenthesis
>   
>   Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28660#pullrequestreview-3557611067

From dfuchs at openjdk.org  Tue Dec  9 16:14:27 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 9 Dec 2025 16:14:27 GMT
Subject: RFR: 8373227: Test
 java/net/httpclient/http2/StreamFlowControlTest.java failed: should sleep time
 be raised?
Message-ID: <ah5nkk8rAPJYU9U_9oBgJefn8wwoIhqHlus2xvVLBnc=.2b7270e5-6d0b-4a18-b44e-dcbf83cf0908@github.com>

The proposed solution is to read the reponse body in two chunks instead of one, potentially allowing for the timeout to get doubled. This should not penalize the execution time in the regular case. I verified from the logs on my machine that the sleep() call was invoked only once, meaning the reading of the first 1/4 of the stream window was enough to trigger the expected exception.

-------------

Commit messages:
 - 8373227: Test java/net/httpclient/http2/StreamFlowControlTest.java failed: should sleep time be raised?

Changes: https://git.openjdk.org/jdk/pull/28726/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28726&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373227
  Stats: 17 lines in 1 file changed: 11 ins; 1 del; 5 mod
  Patch: https://git.openjdk.org/jdk/pull/28726.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28726/head:pull/28726

PR: https://git.openjdk.org/jdk/pull/28726

From dfuchs at openjdk.org  Tue Dec  9 18:01:15 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 9 Dec 2025 18:01:15 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v4]
In-Reply-To: <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>
Message-ID: <On1ZYm71sBGVAFV35WRYaHQyYNsMUrKFuyZ85qLywxw=.4fba1c0d-f87c-46f6-afa3-90cf6e6cb71a@github.com>

On Tue, 9 Dec 2025 11:30:51 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add a missing parenthesis
>   
>   Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>

I have looked at the changes and they look good. Thanks for the cleanup!
I have sent this change to the CI for a last round of checking and tests came back green.

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28660#pullrequestreview-3558842903

From dfuchs at openjdk.org  Tue Dec  9 19:07:01 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 9 Dec 2025 19:07:01 GMT
Subject: RFR: 8372731: Detailed authentication failure messages [v2]
In-Reply-To: <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
 <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
Message-ID: <uEamb0EM33Pj5DCNbJMmmHz9mkRjzXJ8pGU6aygSBoE=.48b9cb79-8663-40c4-a2d1-d788d96e0ed2@github.com>

On Mon, 8 Dec 2025 19:25:23 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
>> 
>> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
>> 
>> This PR adds the original exception as the cause of the "Authentication failure" exception.
>> 
>> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
>> 
>> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.
>
> Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fail test if no exception is thrown

The changes are limited to private APIs so look reasonable enough to me. I have run some tests and everything seems stable enough. If @Michael-Mc-Mahon is OK with this I see no objection.

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28601#pullrequestreview-3559228218

From vyazici at openjdk.org  Tue Dec  9 20:28:14 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Tue, 9 Dec 2025 20:28:14 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v8]
In-Reply-To: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
Message-ID: <tUfaBqFEGZPd8Im1mPlAFWJVHgHgG6gqdx9n3NQWGJM=.f6831f42-9251-4176-ab81-571a7684a3d9@github.com>

> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.

Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 18 commits:

 - Pull changes from upstream
 - Merge remote-tracking branch 'upstream/master' into firstValueAsLong
 - Close connection after `Content-Length` read failure in `Http1Response`
 - Insert the redundant `Http3Stream` assert back
 - Introduce dangling `firstValueAsLong("content-length")` calls back
 - Document `Http1Response::ignoreBody`
 - Remove redundant `finally`
 - Use `-1` as default in `Http3ExchangeImpl`
 - Use `readStatusCode()` in `Http3Stream`
 - Replace `orElse(null)` with `Optional` usage
 - ... and 8 more: https://git.openjdk.org/jdk/compare/786833cd...b677820c

-------------

Changes: https://git.openjdk.org/jdk/pull/28431/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28431&range=07
  Stats: 673 lines in 7 files changed: 251 ins; 128 del; 294 mod
  Patch: https://git.openjdk.org/jdk/pull/28431.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28431/head:pull/28431

PR: https://git.openjdk.org/jdk/pull/28431

From dyama at openjdk.org  Wed Dec 10 05:56:27 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Wed, 10 Dec 2025 05:56:27 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v4]
In-Reply-To: <On1ZYm71sBGVAFV35WRYaHQyYNsMUrKFuyZ85qLywxw=.4fba1c0d-f87c-46f6-afa3-90cf6e6cb71a@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>
 <On1ZYm71sBGVAFV35WRYaHQyYNsMUrKFuyZ85qLywxw=.4fba1c0d-f87c-46f6-afa3-90cf6e6cb71a@github.com>
Message-ID: <WCjWhHAqeH4FNNK9f56-we_oVmZ4RN_z8ilPvJzx9i4=.86ae5195-0f7f-4d74-809a-eea84b0a986a@github.com>

On Tue, 9 Dec 2025 17:58:00 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> I have looked at the changes and they look good. Thanks for the cleanup! I have sent this change to the CI for a last round of checking and tests came back green.

Thank you for reviewing!

> Several of these updated files will need a copyright year update. For example, in Authenticator.java, please update `2006, 2023,` to `2006, 2025,` and in DefaultHttpServerProvider.java change `2005,` to `2005, 2025,`. Please update the other updated files accordingly.

Hi @jaikiran,

The primary goal of this PR is to fix broken formatting and apply style cleanup only, I think.

In such cases, is it expected to update the copyright year for changes that are purely mechanical, such as whitespace or formatting cleanup, with no semantic impact?
My understanding was that copyright updates are typically done when there are meaningful code or semantic changes, and that updating the year for whitespace-only changes might introduce unnecessary churn.
For example, Authenticator.java was last substantively updated in 2023, and in this PR it is only being touched due to whitespace.

Personally, I would prefer to finish this PR as a formatting-only change and, if needed, handle copyright year updates separately in a dedicated batch ticket.
That said, since I am still relatively new to OpenJDK, I would appreciate clarification on the preferred practice here so I can follow the correct convention going forward.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3635510912

From jpai at openjdk.org  Wed Dec 10 06:45:31 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 10 Dec 2025 06:45:31 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v4]
In-Reply-To: <WCjWhHAqeH4FNNK9f56-we_oVmZ4RN_z8ilPvJzx9i4=.86ae5195-0f7f-4d74-809a-eea84b0a986a@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>
 <On1ZYm71sBGVAFV35WRYaHQyYNsMUrKFuyZ85qLywxw=.4fba1c0d-f87c-46f6-afa3-90cf6e6cb71a@github.com>
 <WCjWhHAqeH4FNNK9f56-we_oVmZ4RN_z8ilPvJzx9i4=.86ae5195-0f7f-4d74-809a-eea84b0a986a@github.com>
Message-ID: <WmCzJu3hpv_VgHGobPyqLY7UZM-lF8ifRpWy9MnQ0T8=.44190843-d75d-49c2-8d63-cd79c48785e2@github.com>

On Wed, 10 Dec 2025 05:54:03 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> I have looked at the changes and they look good. Thanks for the cleanup!
>> I have sent this change to the CI for a last round of checking and tests came back green.
>
>> I have looked at the changes and they look good. Thanks for the cleanup! I have sent this change to the CI for a last round of checking and tests came back green.
> 
> Thank you for reviewing!
> 
>> Several of these updated files will need a copyright year update. For example, in Authenticator.java, please update `2006, 2023,` to `2006, 2025,` and in DefaultHttpServerProvider.java change `2005,` to `2005, 2025,`. Please update the other updated files accordingly.
> 
> Hi @jaikiran,
> 
> The primary goal of this PR is to fix broken formatting and apply style cleanup only, I think.
> 
> In such cases, is it expected to update the copyright year for changes that are purely mechanical, such as whitespace or formatting cleanup, with no semantic impact?
> My understanding was that copyright updates are typically done when there are meaningful code or semantic changes, and that updating the year for whitespace-only changes might introduce unnecessary churn.
> For example, Authenticator.java was last substantively updated in 2023, and in this PR it is only being touched due to whitespace.
> 
> Personally, I would prefer to finish this PR as a formatting-only change and, if needed, handle copyright year updates separately in a dedicated batch ticket.
> That said, since I am still relatively new to OpenJDK, I would appreciate clarification on the preferred practice here so I can follow the correct convention going forward.

Hello @PeyaPeyaPeyang,

> In such cases, is it expected to update the copyright year for changes that are purely mechanical, such as whitespace or formatting cleanup, with no semantic impact?

The year in the Oracle copyright header line is expected to be updated for any change to the files that have that Oracle copyright header. For example, the `src/jdk.httpserver/share/classes/com/sun/net/httpserver/Authenticator.java` file should have this line:
> Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.

updated to

> Copyright (c) 2006, 2025, Oracle and/or its affiliates. All rights reserved.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3635624286

From djelinski at openjdk.org  Wed Dec 10 07:38:22 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 10 Dec 2025 07:38:22 GMT
Subject: RFR: 8373227: Test
 java/net/httpclient/http2/StreamFlowControlTest.java failed: should sleep time
 be raised?
In-Reply-To: <ah5nkk8rAPJYU9U_9oBgJefn8wwoIhqHlus2xvVLBnc=.2b7270e5-6d0b-4a18-b44e-dcbf83cf0908@github.com>
References: <ah5nkk8rAPJYU9U_9oBgJefn8wwoIhqHlus2xvVLBnc=.2b7270e5-6d0b-4a18-b44e-dcbf83cf0908@github.com>
Message-ID: <UwYhTaYU0N-2hatcY103ScjFJm75YT3qyONdINqNUQA=.c9116c06-7fa7-4ffd-b921-f3051cb607f9@github.com>

On Tue, 9 Dec 2025 16:06:24 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The proposed solution is to read the reponse body in two chunks instead of one, potentially allowing for the timeout to get doubled. This should not penalize the execution time in the regular case. I verified from the logs on my machine that the sleep() call was invoked only once, meaning the reading of the first 1/4 of the stream window was enough to trigger the expected exception.

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28726#pullrequestreview-3561150426

From smonteith at openjdk.org  Wed Dec 10 09:06:32 2025
From: smonteith at openjdk.org (Stuart Monteith)
Date: Wed, 10 Dec 2025 09:06:32 GMT
Subject: RFR: 8371260: Improve scaling of downcalls using MemorySegments
 allocated with shared arenas.
In-Reply-To: <bRv8yWeVDg2jzpODllmKdUyYNv0gOncJMafGKRwAPk0=.06fdbd85-742c-4034-99cc-facc3ec753b6@github.com>
References: <PtMqGiSOL-vqJtsEQxESSNZKmkppc-ZWz9LR0Y01Hsw=.7b19a034-fe50-48c7-bd08-5942330059ff@github.com>
 <bRv8yWeVDg2jzpODllmKdUyYNv0gOncJMafGKRwAPk0=.06fdbd85-742c-4034-99cc-facc3ec753b6@github.com>
Message-ID: <i-nY8MpYuxQW-rkgNhCLg7APYW3VS3L35SBpcp0dcbo=.39cdbdb4-0eed-4b1e-9ac3-a6e3ec7efbde@github.com>

On Sat, 6 Dec 2025 12:55:37 GMT, ExE Boss <duke at openjdk.org> wrote:

>> MemorySegments allocated from shared Arena from
>> java.lang.foreign.Arena.ofShared() have their lifecycle controlled by jdk.internal.foreign.SharedSession. This class ensures that the MemorySegments can't be freed until after a thread has called Arena.close(). This is implemented using a counter that is atomically incremented when used, and decremented when not used, on every invocation of a downcall. While shared Arenas allow any thread to use it and to close it, this tracking has a cost when multiple threads are contended on it. This patch changes the implementation to use multiple counters to reduce contention. sun.nio.ch.IOUtil, java.nio.Buffer and sun.nio.ch.SimpleAsynchronousFileChannelImpl are modified as they have threads releasing the scope different from the ones that allocated them, so a ticket that tracks the counter has to be passed over.
>> 
>> The microbenchmark org.openjdk.bench.java.lang.foreign. CallOverheadConstant.panama_identity_memory_address_shared_3 was used to generate the following results. The scalability was checked on a number of platforms with the JMH parameter "-t" specifying the number of threads. Measurements are in ns/op .
>> 
>> The hardware are the Neoverse-N1, N2, V1 and V2, Intel Xeon 8375c and the AMD Epyc 9654.
>> 
>> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
>> |---------|-------|-------|-------|-------|-------|-------|
>> |    1  |    30.88   |   32.15  |    33.54  |    32.82  |    27.46  |     8.45 |
>> |   2    | 142.56    | 134.48  |   132.01 |    131.50 |    116.68   |   46.53 |
>> |  4    |  310.18   |  282.75  |   287.59  |   271.82  |   251.88   |   86.11 |
>> |  8    |  702.02   |  710.29  |   736.72  |   670.63  |   533.46   |  194.60 |
>> |   16  |  1,436.17 |  1,684.80 |  1,833.69 |  1,782.78 |  1,100.15 |    827.28 |
>> |  24  | 2,185.55 |  2,508.86 |  2,732.22 |  2,815.26 |  1,646.09 |  1,530.28  |
>> |   32  | 2,942.48 |  3,432.84 |  3,643.64 |  3,782.23 |  2,236.81 |  2,278.52 |
>> |   48  | 4,466.56 |  5,174.72 |  5,401.95 |  5,621.41 |  4,926.30  | 3,026.58 |
>> 
>> After:
>> 
>> | Threads |   N1   |      N2   |         V1  |       V2   |    Xeon   |    Epyc |
>> |---------|-------|-------|-------|-------|-------|-------|
>> |    1  |    32.41  |    32.11  |    34.43  |  31.32  |    27.94  |     9.82 |
>> |    2  |    32.64  |    33.72  |    35.11  |  31.30  |    28.02  |     9.81 |
>> |    4  |    32.71  |    36.84  |    34.67  |  31.35  |   28.12   |   10.49 |
>> |    8  |    58...
>
> src/java.base/share/classes/jdk/internal/foreign/SharedSession.java line 89:
> 
>> 87:     @ForceInline
>> 88:     private int getCounter() {
>> 89:         return Thread.currentThread().hashCode() & mask;
> 
> Maybe use?[`System?::identityHashCode`] here?instead, as?the?`hashCode()`?method of?a?`Thread` can?be?overridden by?subclasses.
> Suggestion:
> 
>         return System.identityHashCode(Thread.currentThread()) & mask;
> 
> 
> [`System?::identityHashCode`]: https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/lang/System.html#identityHashCode%28java.lang.Object%29

Thanks - that's a good suggestion.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28575#discussion_r2605783455

From duke at openjdk.org  Wed Dec 10 10:06:47 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 10 Dec 2025 10:06:47 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v4]
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <2Lvtc2vKl3TlyCJ4oVUgRAUE53ZPO-5KcPdUE6EKdYE=.aba76736-1389-41ee-93b1-a029e1779eae@github.com>

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:

  8371903: HTTP/2 client should preserve error information from GOAWAY frames
  
  Extracts error code and debug data from GOAWAY frames with non-zero
  error codes and includes them in exception messages. Streams above
  lastProcessedStream are marked as unprocessed for retry; others fail
  with the error details.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28632/files
  - new: https://git.openjdk.org/jdk/pull/28632/files/2b100424..88129888

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=02-03

  Stats: 2 lines in 1 file changed: 0 ins; 1 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From duke at openjdk.org  Wed Dec 10 10:06:48 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 10 Dec 2025 10:06:48 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v2]
In-Reply-To: <IHJLGv61x24HknUGATosgO0m_5ZVL1K7ywe_0yOgybY=.128e27aa-268b-4cb5-8f36-b1c514505319@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
 <q29VI2Hh95ZK2dsurWrbM8ufdAtM6QdEVUisd5QPERs=.a2f5d691-48cb-422b-8cb7-8d69c36b864a@github.com>
 <IHJLGv61x24HknUGATosgO0m_5ZVL1K7ywe_0yOgybY=.128e27aa-268b-4cb5-8f36-b1c514505319@github.com>
Message-ID: <UX7u_JA4LtD40Wbw3c0_4WI3UHvZJxkPmml3nCxqT6Q=.5002b7f3-0438-42b4-810f-ddb70869ce9a@github.com>

On Fri, 5 Dec 2025 09:48:59 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>>> * Modified `handleGoAway()` to check error code and route appropriately
>>> 
>>> * Added `handleGoAwayWithError()` method that:
>>>   
>>>   * Extracts error code and debug data from GOAWAY frame
>>>   * Creates meaningful error messages with error name, hex code, and debug data
>>>   * Properly categorizes streams for retry or failure
>> 
>> This looks quite similar to something I have proposed here:
>> 
>> - https://github.com/laeubi/java-http-client/issues/8
>> 
>> As mentioned there, I think having a generic Exception with a STRING(!) message is not really something useful. I would suggest to add an own exception type so the client code is able to extract further details in a semantic way.
>
> Hi @laeubi, yes it's related to your report. The point of this PR is to bring HTTP2 on par with HTTP3, which throws an exception with a string message. Specialized exception can be handled as a future enhancement, but I'd like to see some evidence that it would be useful to users.

@djelinski Fixed the intermittent test failures:
  - Removed `close()` call after GOAWAY to avoid connection reset errors
  - Server now relies on Http2TestServer for connection cleanup
  - Tested 10 times locally, all passed

  Should be stable now. Please review when you get a chance

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3636294996

From dfuchs at openjdk.org  Wed Dec 10 12:11:37 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 10 Dec 2025 12:11:37 GMT
Subject: Integrated: 8373227: Test
 java/net/httpclient/http2/StreamFlowControlTest.java failed: should sleep time
 be raised?
In-Reply-To: <ah5nkk8rAPJYU9U_9oBgJefn8wwoIhqHlus2xvVLBnc=.2b7270e5-6d0b-4a18-b44e-dcbf83cf0908@github.com>
References: <ah5nkk8rAPJYU9U_9oBgJefn8wwoIhqHlus2xvVLBnc=.2b7270e5-6d0b-4a18-b44e-dcbf83cf0908@github.com>
Message-ID: <DOeIDp9VcB_D9-aRDrnHwsbM-BHVWgs_SikPZtCM10w=.6d270f76-5233-40a9-b7a1-47e94db31168@github.com>

On Tue, 9 Dec 2025 16:06:24 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The proposed solution is to read the reponse body in two chunks instead of one, potentially allowing for the timeout to get doubled. This should not penalize the execution time in the regular case. I verified from the logs on my machine that the sleep() call was invoked only once, meaning the reading of the first 1/4 of the stream window was enough to trigger the expected exception.

This pull request has now been integrated.

Changeset: b58e3b60
Author:    Daniel Fuchs <dfuchs at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/b58e3b600bb14bf7133eda0c37a4be4c82919d79
Stats:     17 lines in 1 file changed: 11 ins; 1 del; 5 mod

8373227: Test java/net/httpclient/http2/StreamFlowControlTest.java failed: should sleep time be raised?

Reviewed-by: djelinski

-------------

PR: https://git.openjdk.org/jdk/pull/28726

From dfuchs at openjdk.org  Wed Dec 10 12:29:29 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 10 Dec 2025 12:29:29 GMT
Subject: RFR: 8373362: Http3TestServer should not log an exception stack trace
 when it is stopping normally
Message-ID: <WQ71Ry2KG_j4e3eXwaliTWaoUn5_kiaB9-sEbVx0mlw=.031af8ef-7ed2-4b09-815b-54099491a024@github.com>

This a test fix only. The Http3TestServer has an additional level of logging that will print a full stack trace if an exception is thrown by the exchange handler. Printing the full stack trace is not helpful when the underlying server is stopping due to no error (typically when stop() is being called), and can clutter the log, making them more difficult to analyze.

This change turns off calling Throwable.printStackTrace() in such a case.

-------------

Commit messages:
 - 8373362: Http3Server should not log an exception stack trace when it is stopping normally

Changes: https://git.openjdk.org/jdk/pull/28743/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28743&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373362
  Stats: 23 lines in 2 files changed: 22 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28743.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28743/head:pull/28743

PR: https://git.openjdk.org/jdk/pull/28743

From jpai at openjdk.org  Wed Dec 10 12:41:24 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 10 Dec 2025 12:41:24 GMT
Subject: RFR: 8373362: Http3TestServer should not log an exception stack
 trace when it is stopping normally
In-Reply-To: <WQ71Ry2KG_j4e3eXwaliTWaoUn5_kiaB9-sEbVx0mlw=.031af8ef-7ed2-4b09-815b-54099491a024@github.com>
References: <WQ71Ry2KG_j4e3eXwaliTWaoUn5_kiaB9-sEbVx0mlw=.031af8ef-7ed2-4b09-815b-54099491a024@github.com>
Message-ID: <Tazi8KXN0kYEE0JPLlWx8bIA38BGAEjK_GtSlqr_tLg=.8237f53b-43ec-4ded-964a-9e72a25cd769@github.com>

On Wed, 10 Dec 2025 12:19:54 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> This a test fix only. The Http3TestServer has an additional level of logging that will print a full stack trace if an exception is thrown by the exchange handler. Printing the full stack trace is not helpful when the underlying server is stopping due to no error (typically when stop() is being called), and can clutter the log, making them more difficult to analyze.
> 
> This change turns off calling Throwable.printStackTrace() in such a case.

Looks good and trivial to me.

-------------

Marked as reviewed by jpai (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28743#pullrequestreview-3562355039

From djelinski at openjdk.org  Wed Dec 10 13:46:26 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 10 Dec 2025 13:46:26 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v2]
In-Reply-To: <UX7u_JA4LtD40Wbw3c0_4WI3UHvZJxkPmml3nCxqT6Q=.5002b7f3-0438-42b4-810f-ddb70869ce9a@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
 <q29VI2Hh95ZK2dsurWrbM8ufdAtM6QdEVUisd5QPERs=.a2f5d691-48cb-422b-8cb7-8d69c36b864a@github.com>
 <IHJLGv61x24HknUGATosgO0m_5ZVL1K7ywe_0yOgybY=.128e27aa-268b-4cb5-8f36-b1c514505319@github.com>
 <UX7u_JA4LtD40Wbw3c0_4WI3UHvZJxkPmml3nCxqT6Q=.5002b7f3-0438-42b4-810f-ddb70869ce9a@github.com>
Message-ID: <l2pvmKcO4iJXohh1G5x10JSh4LRtn0gRbLOoEVQUJX8=.1368efb9-32a9-48ab-a339-bfce15f860ce@github.com>

On Wed, 10 Dec 2025 10:04:14 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> Hi @laeubi, yes it's related to your report. The point of this PR is to bring HTTP2 on par with HTTP3, which throws an exception with a string message. Specialized exception can be handled as a future enhancement, but I'd like to see some evidence that it would be useful to users.
>
> @djelinski Fixed the intermittent test failures:
>   - Removed `close()` call after GOAWAY to avoid connection reset errors
>   - Server now relies on Http2TestServer for connection cleanup
>   - Tested 10 times locally, all passed
> 
>   Should be stable now. Please review when you get a chance

@ehs208  thanks for that, the test looks stable now.

Looking at the test logs, I realized why the `goAwaySentLatch.await` was where you originally had it; now that it's after all 3 requests, the requests are sent on 3 distinct connections, which is not what we want. Please move it back to its original position (after sending first request). Sorry for my confusion.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3637155681

From duke at openjdk.org  Wed Dec 10 14:14:05 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 10 Dec 2025 14:14:05 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v2]
In-Reply-To: <l2pvmKcO4iJXohh1G5x10JSh4LRtn0gRbLOoEVQUJX8=.1368efb9-32a9-48ab-a339-bfce15f860ce@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
 <q29VI2Hh95ZK2dsurWrbM8ufdAtM6QdEVUisd5QPERs=.a2f5d691-48cb-422b-8cb7-8d69c36b864a@github.com>
 <IHJLGv61x24HknUGATosgO0m_5ZVL1K7ywe_0yOgybY=.128e27aa-268b-4cb5-8f36-b1c514505319@github.com>
 <UX7u_JA4LtD40Wbw3c0_4WI3UHvZJxkPmml3nCxqT6Q=.5002b7f3-0438-42b4-810f-ddb70869ce9a@github.com>
 <l2pvmKcO4iJXohh1G5x10JSh4LRtn0gRbLOoEVQUJX8=.1368efb9-32a9-48ab-a339-bfce15f860ce@github.com>
Message-ID: <yJuQIlqc9vfLA33ye_gMCUgPo1pl9g2Jl04S1nWsWM8=.721a8ba7-61a5-442f-9903-365e3db31af0@github.com>

On Wed, 10 Dec 2025 13:43:18 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> @djelinski Fixed the intermittent test failures:
>>   - Removed `close()` call after GOAWAY to avoid connection reset errors
>>   - Server now relies on Http2TestServer for connection cleanup
>>   - Tested 10 times locally, all passed
>> 
>>   Should be stable now. Please review when you get a chance
>
> @ehs208  thanks for that, the test looks stable now.
> 
> Looking at the test logs, I realized why the `goAwaySentLatch.await` was where you originally had it; now that it's after all 3 requests, the requests are sent on 3 distinct connections, which is not what we want. Please move it back to its original position (after sending first request). Sorry for my confusion.

@djelinski I moved the goAwaySentLatch.await() back to its original position (after the first request, before second/third).

However, after testing locally, I'm seeing the same behavior - all 3 requests create separate connections. I believe this is expected because:

1. First request uses connection 1
2. Server sends GOAWAY, connection 1 receives it
3. Second and third requests are retried on new connections (2 and 3)

Since requests 2 and 3 are retries after GOAWAY, they naturally go to new connections. The await position doesn't change this - it just controls when the retries are sent.

Could you clarify what connection behavior you're expecting? The test is passing and correctly verifies that:
- Exactly 1 request fails with GOAWAY error details
- Exactly 2 requests succeed after retry

Let me know if I'm missing something!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3637270759

From djelinski at openjdk.org  Wed Dec 10 14:28:34 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 10 Dec 2025 14:28:34 GMT
Subject: RFR: 8373362: Http3TestServer should not log an exception stack
 trace when it is stopping normally
In-Reply-To: <WQ71Ry2KG_j4e3eXwaliTWaoUn5_kiaB9-sEbVx0mlw=.031af8ef-7ed2-4b09-815b-54099491a024@github.com>
References: <WQ71Ry2KG_j4e3eXwaliTWaoUn5_kiaB9-sEbVx0mlw=.031af8ef-7ed2-4b09-815b-54099491a024@github.com>
Message-ID: <r9JEGm5bsY9L4XTDY5Rl08Lio1vChKMC6BWAP0GkqJc=.c0e9c63d-172b-4a61-8e76-524b2a0709e7@github.com>

On Wed, 10 Dec 2025 12:19:54 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> This a test fix only. The Http3TestServer has an additional level of logging that will print a full stack trace if an exception is thrown by the exchange handler. Printing the full stack trace is not helpful when the underlying server is stopping due to no error (typically when stop() is being called), and can clutter the log, making them more difficult to analyze.
> 
> This change turns off calling Throwable.printStackTrace() in such a case.

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28743#pullrequestreview-3562818471

From duke at openjdk.org  Wed Dec 10 14:32:05 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 10 Dec 2025 14:32:05 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v5]
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:

  8371903: Move goAwaySentLatch.await() back to original position
  
  Move the await call to after the first request but before the second
  and third requests, ensuring only one initial connection is created
  and the other requests are properly retried.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28632/files
  - new: https://git.openjdk.org/jdk/pull/28632/files/88129888..6dc77e1b

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=04
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=03-04

  Stats: 8 lines in 1 file changed: 4 ins; 4 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From duke at openjdk.org  Wed Dec 10 14:32:06 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 10 Dec 2025 14:32:06 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v2]
In-Reply-To: <l2pvmKcO4iJXohh1G5x10JSh4LRtn0gRbLOoEVQUJX8=.1368efb9-32a9-48ab-a339-bfce15f860ce@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <zvreHk2l2RP7rNyHqrqAnqVV1gcFJdJ51huWw-yoGdg=.ca1fc6fe-3b29-48e3-9e88-3366421783e2@github.com>
 <q29VI2Hh95ZK2dsurWrbM8ufdAtM6QdEVUisd5QPERs=.a2f5d691-48cb-422b-8cb7-8d69c36b864a@github.com>
 <IHJLGv61x24HknUGATosgO0m_5ZVL1K7ywe_0yOgybY=.128e27aa-268b-4cb5-8f36-b1c514505319@github.com>
 <UX7u_JA4LtD40Wbw3c0_4WI3UHvZJxkPmml3nCxqT6Q=.5002b7f3-0438-42b4-810f-ddb70869ce9a@github.com>
 <l2pvmKcO4iJXohh1G5x10JSh4LRtn0gRbLOoEVQUJX8=.1368efb9-32a9-48ab-a339-bfce15f860ce@github.com>
Message-ID: <rt_6wtmM5nk7JD-4BFk244T31z_XFY5SEX9WnaEoS_c=.52215e76-2db6-48cd-87fe-b99f3e72e6de@github.com>

On Wed, 10 Dec 2025 13:43:18 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> @djelinski Fixed the intermittent test failures:
>>   - Removed `close()` call after GOAWAY to avoid connection reset errors
>>   - Server now relies on Http2TestServer for connection cleanup
>>   - Tested 10 times locally, all passed
>> 
>>   Should be stable now. Please review when you get a chance
>
> @ehs208  thanks for that, the test looks stable now.
> 
> Looking at the test logs, I realized why the `goAwaySentLatch.await` was where you originally had it; now that it's after all 3 requests, the requests are sent on 3 distinct connections, which is not what we want. Please move it back to its original position (after sending first request). Sorry for my confusion.

@djelinski Oops, you're right! I moved `goAwaySentLatch.await()` back to its original position and now it works as expected - only 1 connection is created initially, and the other 2 are retries. Tested locally and all passed.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3637345928

From djelinski at openjdk.org  Wed Dec 10 14:38:45 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 10 Dec 2025 14:38:45 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v5]
In-Reply-To: <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
Message-ID: <KkNSoGpUvOIwJKdHS5TKH3dAxPcMhOK4Ep-Fspvy5Qs=.be1e3a5d-a675-4e48-954b-211bc0938c32@github.com>

On Wed, 10 Dec 2025 14:32:05 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Move goAwaySentLatch.await() back to original position
>   
>   Move the await call to after the first request but before the second
>   and third requests, ensuring only one initial connection is created
>   and the other requests are properly retried.

Marked as reviewed by djelinski (Reviewer).

Right, we only create one connection initially, and requests 2 and 3 are usually sent over the first connection before they are retried on new connections. This can be observed in the server logs as `resetting stream 3 as REFUSED_STREAM`. Ideally the server should not send anything after sending the GOAWAY frame with error, but I think what we have is good enough,

-------------

PR Review: https://git.openjdk.org/jdk/pull/28632#pullrequestreview-3562866791
PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3637384654

From duke at openjdk.org  Wed Dec 10 14:43:50 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 10 Dec 2025 14:43:50 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v5]
In-Reply-To: <KkNSoGpUvOIwJKdHS5TKH3dAxPcMhOK4Ep-Fspvy5Qs=.be1e3a5d-a675-4e48-954b-211bc0938c32@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
 <KkNSoGpUvOIwJKdHS5TKH3dAxPcMhOK4Ep-Fspvy5Qs=.be1e3a5d-a675-4e48-954b-211bc0938c32@github.com>
Message-ID: <i96eIe7402CpHyQG9V5gq_zIMyPQjMehD-G4dNUEffA=.a1cafd3f-4149-4c1d-979c-a70da292a065@github.com>

On Wed, 10 Dec 2025 14:35:29 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8371903: Move goAwaySentLatch.await() back to original position
>>   
>>   Move the await call to after the first request but before the second
>>   and third requests, ensuring only one initial connection is created
>>   and the other requests are properly retried.
>
> Right, we only create one connection initially, and requests 2 and 3 are usually sent over the first connection before they are retried on new connections. This can be observed in the server logs as `resetting stream 3 as REFUSED_STREAM`. Ideally the server should not send anything after sending the GOAWAY frame with error, but I think what we have is good enough,

@djelinski Thanks for the explanation. That makes sense.
If there?s an opportunity in the future, I?d be happy to help clean that part up as well.
Appreciate your guidance.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3637412226

From duke at openjdk.org  Wed Dec 10 14:47:07 2025
From: duke at openjdk.org (duke)
Date: Wed, 10 Dec 2025 14:47:07 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v5]
In-Reply-To: <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
Message-ID: <DNgcv6Qm0ZAKt49J8Gm0UOWlYnRn7AUZkBdlmARE2Ns=.13b824d0-8477-4da5-92ee-c6ea9aba14c7@github.com>

On Wed, 10 Dec 2025 14:32:05 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Move goAwaySentLatch.await() back to original position
>   
>   Move the await call to after the first request but before the second
>   and third requests, ensuring only one initial connection is created
>   and the other requests are properly retried.

@ehs208 
Your change (at version 6dc77e1b266e30aa2e0b4c0bcf0067e06b65df0f) is now ready to be sponsored by a Committer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3637424316

From dfuchs at openjdk.org  Wed Dec 10 15:17:41 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 10 Dec 2025 15:17:41 GMT
Subject: Integrated: 8373362: Http3TestServer should not log an exception stack
 trace when it is stopping normally
In-Reply-To: <WQ71Ry2KG_j4e3eXwaliTWaoUn5_kiaB9-sEbVx0mlw=.031af8ef-7ed2-4b09-815b-54099491a024@github.com>
References: <WQ71Ry2KG_j4e3eXwaliTWaoUn5_kiaB9-sEbVx0mlw=.031af8ef-7ed2-4b09-815b-54099491a024@github.com>
Message-ID: <YiY5YtYb0waP13Mw6JLzwBMmW_KzNRQZpIdr3VJCGJw=.6b2c5209-ef17-49e9-adec-1d5113332980@github.com>

On Wed, 10 Dec 2025 12:19:54 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> This a test fix only. The Http3TestServer has an additional level of logging that will print a full stack trace if an exception is thrown by the exchange handler. Printing the full stack trace is not helpful when the underlying server is stopping due to no error (typically when stop() is being called), and can clutter the log, making them more difficult to analyze.
> 
> This change turns off calling Throwable.printStackTrace() in such a case.

This pull request has now been integrated.

Changeset: 54430a87
Author:    Daniel Fuchs <dfuchs at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/54430a87226096725b13f05326d08629420657ca
Stats:     23 lines in 2 files changed: 22 ins; 0 del; 1 mod

8373362: Http3TestServer should not log an exception stack trace when it is stopping normally

Reviewed-by: jpai, djelinski

-------------

PR: https://git.openjdk.org/jdk/pull/28743

From michaelm at openjdk.org  Wed Dec 10 15:37:46 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Wed, 10 Dec 2025 15:37:46 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew
Message-ID: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>

Hi,

This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.

The only possible places in these files where EINTR can be returned is in the sendto() calls
for ping4() and ping6() used by the InetAddress.isReachable() API.

The change checks for EINTR returned from those calls and restarts the sendto()
if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
SocketException, but this should not happen.

The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
I added a unit test for the new native function that checks if the timeout has expired.

Thanks,
Michael

-------------

Commit messages:
 - Merge branch 'master' into EINTR-8370655
 - copyright
 - impl update
 - fix impl error
 - fix whitespace
 - impl and test update prior to cleanup
 - update impl
 - initial impl

Changes: https://git.openjdk.org/jdk/pull/28750/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28750&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8370655
  Stats: 538 lines in 8 files changed: 533 ins; 3 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28750.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28750/head:pull/28750

PR: https://git.openjdk.org/jdk/pull/28750

From alanb at openjdk.org  Wed Dec 10 15:48:17 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Wed, 10 Dec 2025 15:48:17 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew
In-Reply-To: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
Message-ID: <X3NJdrRGpZU7UY_3kNzBPsj-LUT5t0DCLx4ASWVYHBg=.53ff5fa6-6f80-4877-9f4b-5b4642a50a9e@github.com>

On Wed, 10 Dec 2025 15:29:51 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

> Hi,
> 
> This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
> Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.
> 
> The only possible places in these files where EINTR can be returned is in the sendto() calls
> for ping4() and ping6() used by the InetAddress.isReachable() API.
> 
> The change checks for EINTR returned from those calls and restarts the sendto()
> if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
> SocketException, but this should not happen.
> 
> The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
> I added a unit test for the new native function that checks if the timeout has expired.
> 
> Thanks,
> Michael

src/java.base/unix/native/libnet/Inet4AddressImpl.c line 401:

> 399:         icmp->icmp_cksum = in_cksum((u_short *)icmp, plen);
> 400:         // send it
> 401:         while (1) {

Are you sure it is possible for sendto to block indefinitely here? Maybe EINTR is possible but I think it would be okay to retry unconditionally, meaning I don't think timerMillisExpired is needed here.

Are you sure that we restart for the other blocking syscalls (poll, recvfrom, ...) in these methods?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28750#discussion_r2607193936

From dfuchs at openjdk.org  Wed Dec 10 16:08:55 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 10 Dec 2025 16:08:55 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v5]
In-Reply-To: <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
Message-ID: <sXUITMqpYdDSmLxXd4wDUZDm_w2vB1Ypa_9co0kPkhU=.19ebf879-d790-4975-9cab-8b0df8d4ce21@github.com>

On Wed, 10 Dec 2025 14:32:05 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Move goAwaySentLatch.await() back to original position
>   
>   Move the await call to after the first request but before the second
>   and third requests, ensuring only one initial connection is created
>   and the other requests are properly retried.

Changes requested by dfuchs (Reviewer).

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 114:

> 112:         if (!goAwaySentLatch.await(5, TimeUnit.SECONDS)) {
> 113:             throw new AssertionError("GOAWAY not sent in time");
> 114:         }

You should at least use Utils.adjustTimeout() here to make sure the timeout is adjusted when the timeout factor increases. Some configurations - like running with debug builds, can increase latency times significantly.

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 123:

> 121: 
> 122:         CompletableFuture.allOf(first, second, third)
> 123:                 .orTimeout(20, TimeUnit.SECONDS)

Same here.

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 188:

> 186:             secondRequestHandled.set(true);
> 187:             System.out.println("Handler: successfully handling retried request");
> 188:             exchange.sendResponseHeaders(200, 0);

This is an Http2Handler - so IIRC 0 means size unknown (not that it matters much in the case of HTTP/2 - it means the size will be known when response body is closed, and no content-length header will be sent in the headers). Typically - if some data was being sent, it means that an additional data frame of size 0 and carrying the END_STREAM flag would be sent when the body is closed. We're sending no body - so we're only going to send the empty DATA_FRAME. 

IIRC - if you had passed -1 (meaning 0 bytes in reply) - the END_STREAM would be carried by the HEADER frame instead and no empty DATA_FRAME would be sent.

This is just for the record. I think what you have is good.

-------------

PR Review: https://git.openjdk.org/jdk/pull/28632#pullrequestreview-3563260020
PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2607222458
PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2607224602
PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2607248080

From michaelm at openjdk.org  Wed Dec 10 16:09:59 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Wed, 10 Dec 2025 16:09:59 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew
In-Reply-To: <X3NJdrRGpZU7UY_3kNzBPsj-LUT5t0DCLx4ASWVYHBg=.53ff5fa6-6f80-4877-9f4b-5b4642a50a9e@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
 <X3NJdrRGpZU7UY_3kNzBPsj-LUT5t0DCLx4ASWVYHBg=.53ff5fa6-6f80-4877-9f4b-5b4642a50a9e@github.com>
Message-ID: <F3nKMd9RSYED_T_Wdm7G8UVVaUvLpyWJ_eTLvuZolw4=.6ef6b9f8-0a80-4f8d-94d6-51fea9f08624@github.com>

On Wed, 10 Dec 2025 15:45:35 GMT, Alan Bateman <alanb at openjdk.org> wrote:

>> Hi,
>> 
>> This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
>> Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.
>> 
>> The only possible places in these files where EINTR can be returned is in the sendto() calls
>> for ping4() and ping6() used by the InetAddress.isReachable() API.
>> 
>> The change checks for EINTR returned from those calls and restarts the sendto()
>> if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
>> SocketException, but this should not happen.
>> 
>> The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
>> I added a unit test for the new native function that checks if the timeout has expired.
>> 
>> Thanks,
>> Michael
>
> src/java.base/unix/native/libnet/Inet4AddressImpl.c line 401:
> 
>> 399:         icmp->icmp_cksum = in_cksum((u_short *)icmp, plen);
>> 400:         // send it
>> 401:         while (1) {
> 
> Are you sure it is possible for sendto to block indefinitely here? Maybe EINTR is possible but I think it would be okay to retry unconditionally, meaning I don't think timerMillisExpired is needed here.
> 
> Are you sure that we restart for the other blocking syscalls (poll, recvfrom, ...) in these methods?

Oops. Didn't notice I had left the other calls out. Will add them now.

As for sendto() it's a lot less likely to block and I doubt it can block indefinitely, but I imagine it can block if socket buffer is full. I don't have a strong preference. If EINTR can be returned maybe it should be handled the same way?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28750#discussion_r2607281100

From alanb at openjdk.org  Wed Dec 10 16:29:16 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Wed, 10 Dec 2025 16:29:16 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew
In-Reply-To: <F3nKMd9RSYED_T_Wdm7G8UVVaUvLpyWJ_eTLvuZolw4=.6ef6b9f8-0a80-4f8d-94d6-51fea9f08624@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
 <X3NJdrRGpZU7UY_3kNzBPsj-LUT5t0DCLx4ASWVYHBg=.53ff5fa6-6f80-4877-9f4b-5b4642a50a9e@github.com>
 <F3nKMd9RSYED_T_Wdm7G8UVVaUvLpyWJ_eTLvuZolw4=.6ef6b9f8-0a80-4f8d-94d6-51fea9f08624@github.com>
Message-ID: <ywK3Rv5sDKvC2sGMCDsX3IZXm-gucG_5f16Z8xLm4Kw=.cd10e652-4a88-4cb6-a85d-113f09de60d0@github.com>

On Wed, 10 Dec 2025 16:06:57 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

> As for sendto() it's a lot less likely to block and I doubt it can block indefinitely, but I imagine it can block if socket buffer is full. I don't have a strong preference. If EINTR can be returned maybe it should be handled the same way?

Hard to test but I suspect the packet will be dropped rather than blocking. So my guess is that retry here can be simple and doesn't need to use the timeout.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28750#discussion_r2607357754

From dfuchs at openjdk.org  Wed Dec 10 16:40:18 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 10 Dec 2025 16:40:18 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v5]
In-Reply-To: <KkNSoGpUvOIwJKdHS5TKH3dAxPcMhOK4Ep-Fspvy5Qs=.be1e3a5d-a675-4e48-954b-211bc0938c32@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
 <KkNSoGpUvOIwJKdHS5TKH3dAxPcMhOK4Ep-Fspvy5Qs=.be1e3a5d-a675-4e48-954b-211bc0938c32@github.com>
Message-ID: <6cJWpPoJAIQ001UMGa_J3_bnKHlEWFhYHqSnH65iMFM=.079e7f33-c140-49dd-9bf4-64104c37d323@github.com>

On Wed, 10 Dec 2025 14:35:29 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8371903: Move goAwaySentLatch.await() back to original position
>>   
>>   Move the await call to after the first request but before the second
>>   and third requests, ensuring only one initial connection is created
>>   and the other requests are properly retried.
>
> Right, we only create one connection initially, and requests 2 and 3 are usually sent over the first connection before they are retried on new connections. This can be observed in the server logs as `resetting stream 3 as REFUSED_STREAM`. Ideally the server should not send anything after sending the GOAWAY frame with error, but I think what we have is good enough,

> @djelinski Oops, you're right! I moved `goAwaySentLatch.await()` back to its original position and now it works as expected - only 1 connection is created initially, and the other 2 are retries. Tested locally and all passed.

FWIW - if the request succeeds (no exception thrown) you can check/assert whether two requests were sent on the same or different connections by comparing the value returned by `HttpResponse::connectionLabel()`; Though the result is an `Optional` our implementation will never return an empty optional.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3637968978

From michaelm at openjdk.org  Wed Dec 10 16:43:14 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Wed, 10 Dec 2025 16:43:14 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew
In-Reply-To: <ywK3Rv5sDKvC2sGMCDsX3IZXm-gucG_5f16Z8xLm4Kw=.cd10e652-4a88-4cb6-a85d-113f09de60d0@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
 <X3NJdrRGpZU7UY_3kNzBPsj-LUT5t0DCLx4ASWVYHBg=.53ff5fa6-6f80-4877-9f4b-5b4642a50a9e@github.com>
 <F3nKMd9RSYED_T_Wdm7G8UVVaUvLpyWJ_eTLvuZolw4=.6ef6b9f8-0a80-4f8d-94d6-51fea9f08624@github.com>
 <ywK3Rv5sDKvC2sGMCDsX3IZXm-gucG_5f16Z8xLm4Kw=.cd10e652-4a88-4cb6-a85d-113f09de60d0@github.com>
Message-ID: <XCPP_FP52I32EhCGl8vVfzKKs8baIOnBfJCxYGcmx2o=.7a91c0af-c04e-4bbe-b47f-e49ea37e2e49@github.com>

On Wed, 10 Dec 2025 16:26:39 GMT, Alan Bateman <alanb at openjdk.org> wrote:

>> Oops. Didn't notice I had left the other calls out. Will add them now.
>> 
>> As for sendto() it's a lot less likely to block and I doubt it can block indefinitely, but I imagine it can block if socket buffer is full. I don't have a strong preference. If EINTR can be returned maybe it should be handled the same way?
>
>> As for sendto() it's a lot less likely to block and I doubt it can block indefinitely, but I imagine it can block if socket buffer is full. I don't have a strong preference. If EINTR can be returned maybe it should be handled the same way?
> 
> Hard to test but I suspect the packet will be dropped rather than blocking. So my guess is that retry here can be simple and doesn't need to use the timeout.

getaddrinfo() and getnameinfo() can potentially return EINTR. The main blocking call in these files is NET_Wait, which is already restarting in the case of EINTR (along with all other errno values). The question is should we be returning an error if errno is _not_ EINTR?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28750#discussion_r2607413746

From dfuchs at openjdk.org  Wed Dec 10 19:28:34 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 10 Dec 2025 19:28:34 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v5]
In-Reply-To: <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
Message-ID: <GXZS19X4ZHgsPZYqTdoRVAEAKg_hDYARIKCmcymk6k0=.091d1164-4fee-40fa-842b-45c145db8985@github.com>

On Wed, 10 Dec 2025 14:32:05 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Move goAwaySentLatch.await() back to original position
>   
>   Move the await call to after the first request but before the second
>   and third requests, ensuring only one initial connection is created
>   and the other requests are properly retried.

The copyright line in the file GoAwayWithErrorTest.java needs to be fixed.

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 2:

> 1: /*
> 2:  * Copyright (c) 2025, Oracle and/or its affiliates.

Suggestion:

 * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.

-------------

Changes requested by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28632#pullrequestreview-3564154635
PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2607941253

From dfuchs at openjdk.org  Wed Dec 10 19:58:01 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 10 Dec 2025 19:58:01 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v5]
In-Reply-To: <k8x5MTNn8ule8YHCT75Vlznw2Cgo06f8eQhuOA16vfo=.516fc389-ddc4-4dab-997e-440aa44facc2@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <OvgsFHHMK8elrse4NWJa1afM6CJLNQae_3y0MTfxLHY=.79381b1d-0787-47cf-a9bd-5ed262159b8d@github.com>
 <lM3npf2h8qUprHWp2V8q04nKHbk1LMki7Jua5XBd7GE=.055d936e-0894-4d95-9eab-52d6f0921f01@github.com>
 <k8x5MTNn8ule8YHCT75Vlznw2Cgo06f8eQhuOA16vfo=.516fc389-ddc4-4dab-997e-440aa44facc2@github.com>
Message-ID: <UeIhZpVXoybWA6VHT00wdoQKTZZ7Hf8eAMZ0WVAk_Vg=.6a80d8ad-e7a5-4dc8-bdc1-7853891a8c7d@github.com>

On Thu, 4 Dec 2025 12:53:39 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> src/java.net.http/share/classes/jdk/internal/net/http/Http1Response.java line 338:
>> 
>>> 336:         } catch (ProtocolException pe) {
>>> 337:             cf.completeExceptionally(pe);
>>> 338:             return cf;
>> 
>> We're not going to read the body if we return here, so I think we should close the connection with the ProtocolException `pe` before returning the completable future `cf`. Otherwise - the connection will remained unclosed and out of the pool until we close the client.
>
> Doh! Very good catch. I've fixed this in 024e355f034. I've copied the `errorHandler` we pass to `ResponseSubscribers::getBodyAsync`. Note that I've slightly changed the `errorHandler` to have a `finally` block:
> 
> 
> try {
>     subscriber.onError(error);
>     cf.completeExceptionally(error);
> } finally {
>     asyncReceiver.setRetryOnError(false);
>     asyncReceiver.onReadError(error);
> }
> 
> 
> This is what the `executor.execute(() -> ...)` block does too, which I presume to guard against misbehaving `subscriber::onError` and `cf::completeExceptionally`.
> 
> @dfuch, I'm not resolving this conversation yet. Would you mind reviewing 024e355f034 and letting me know if it is okay, please?

Looks OK - out of curiosity, is the try-finally simple hygienic or did you observe a case where it was required?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28431#discussion_r2608027125

From duke at openjdk.org  Wed Dec 10 23:15:36 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 10 Dec 2025 23:15:36 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v6]
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <zA4yVn8OBabIdEFQJIatUHOIgBOVKfLyaWfIx0CDZts=.280af7f8-09ca-4add-97ad-262fe531f877@github.com>

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:

  GoAwayWithErrorTest.java Copyright update
  
  Co-authored-by: Daniel Fuchs <67001856+dfuch at users.noreply.github.com>

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28632/files
  - new: https://git.openjdk.org/jdk/pull/28632/files/6dc77e1b..112db211

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=05
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=04-05

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From duke at openjdk.org  Wed Dec 10 23:34:02 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 10 Dec 2025 23:34:02 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:

  8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28632/files
  - new: https://git.openjdk.org/jdk/pull/28632/files/112db211..6068c1f9

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=06
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=05-06

  Stats: 3 lines in 1 file changed: 1 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From duke at openjdk.org  Wed Dec 10 23:34:03 2025
From: duke at openjdk.org (EunHyunsu)
Date: Wed, 10 Dec 2025 23:34:03 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v5]
In-Reply-To: <6cJWpPoJAIQ001UMGa_J3_bnKHlEWFhYHqSnH65iMFM=.079e7f33-c140-49dd-9bf4-64104c37d323@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <RuFpWBVTTbxeyRWe3mwdtZpxVsDZFrXT3e8ilwcmnBc=.c65e4d91-1560-447a-99fd-2305c255e077@github.com>
 <KkNSoGpUvOIwJKdHS5TKH3dAxPcMhOK4Ep-Fspvy5Qs=.be1e3a5d-a675-4e48-954b-211bc0938c32@github.com>
 <6cJWpPoJAIQ001UMGa_J3_bnKHlEWFhYHqSnH65iMFM=.079e7f33-c140-49dd-9bf4-64104c37d323@github.com>
Message-ID: <nTLnWntzAKyhV-TAj4mnmyMitXIzNLCAg5haPve3aOA=.59fda715-3664-4ab8-83b7-659da30d9a7e@github.com>

On Wed, 10 Dec 2025 16:37:15 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Right, we only create one connection initially, and requests 2 and 3 are usually sent over the first connection before they are retried on new connections. This can be observed in the server logs as `resetting stream 3 as REFUSED_STREAM`. Ideally the server should not send anything after sending the GOAWAY frame with error, but I think what we have is good enough,
>
>> @djelinski Oops, you're right! I moved `goAwaySentLatch.await()` back to its original position and now it works as expected - only 1 connection is created initially, and the other 2 are retries. Tested locally and all passed.
> 
> FWIW - if the request succeeds (no exception thrown) you can check/assert whether two requests were sent on the same or different connections by comparing the value returned by `HttpResponse::connectionLabel()`; Though the result is an `Optional` our implementation will never return an empty optional.

@dfuch Thank you for the thorough review. I've applied `Utils.adjustTimeout()` to both timeout values as you suggested.

Also, thanks for the tip about `HttpResponse::connectionLabel()` - that's really helpful to know for verifying connection reuse in the future. For this test, I'll keep the current approach since it's already validating the retry behavior correctly, but I'll definitely keep that in mind for future tests.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3639363834

From dfuchs at openjdk.org  Thu Dec 11 11:55:25 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 11 Dec 2025 11:55:25 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
Message-ID: <gmcWxNW3smVn1RssAalHGRVnJCDtpT4ErRnu1h0Gct0=.52e37917-7576-4df3-95ab-9b8c23c07e5b@github.com>

On Wed, 10 Dec 2025 23:34:02 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest

Thanks for the updates. LGTM.

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28632#pullrequestreview-3567064580

From duke at openjdk.org  Thu Dec 11 12:01:33 2025
From: duke at openjdk.org (EunHyunsu)
Date: Thu, 11 Dec 2025 12:01:33 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <gmcWxNW3smVn1RssAalHGRVnJCDtpT4ErRnu1h0Gct0=.52e37917-7576-4df3-95ab-9b8c23c07e5b@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <gmcWxNW3smVn1RssAalHGRVnJCDtpT4ErRnu1h0Gct0=.52e37917-7576-4df3-95ab-9b8c23c07e5b@github.com>
Message-ID: <oFOSareEjW2fVHmxld2lBmn7rfyQDks9VRxSbiwI-90=.dd63919d-d9bc-4009-90ed-bc31731bf4e0@github.com>

On Thu, 11 Dec 2025 11:52:38 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> Thanks for the updates. LGTM.

Thank you!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3641578901

From duke at openjdk.org  Thu Dec 11 12:01:36 2025
From: duke at openjdk.org (duke)
Date: Thu, 11 Dec 2025 12:01:36 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
Message-ID: <LETEUzNDCZV1DjeNrecsMFPO9Ov3bYheOmIi0_c4I1M=.48cb2f01-8fd8-496c-a8c2-13042a6e1148@github.com>

On Wed, 10 Dec 2025 23:34:02 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest

@ehs208 
Your change (at version 6068c1f9710bde3545c91faa5045b3a650bdba38) is now ready to be sponsored by a Committer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3641583741

From jpai at openjdk.org  Thu Dec 11 12:14:17 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 11 Dec 2025 12:14:17 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
Message-ID: <BndLC_nidHSFM7gbQ5sLMESD2qWNNaY2QpYuYNaf5Gs=.10801f9a-693f-445d-aa8e-17ed8c4d8012@github.com>

On Wed, 10 Dec 2025 23:34:02 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest

src/java.net.http/share/classes/jdk/internal/net/http/Http2Connection.java line 1473:

> 1471:                 numUnprocessed.incrementAndGet();
> 1472:             } else {
> 1473:                 stream.connectionClosing(cause.getCloseCause());

Hello @ehs208, I think this should be done a bit differently. Here we are merely constructing a `TerminationCause` and then closing the streams with that termination cause. But that doesn't guarantee that the connection will have been closed with this termination cause. I think what we should do here is merely mark the unprocessed streams with closeAsUnprocessed() and then just call `close(Http2TerminationCause.forH2Error(errorCode, errorMsg);`. The implementation of the `Http2Connection.Terminator.doTerminate()` already has the necessary logic to close all these (processed) streams with the termination cause. So I think this code should look something like:

final byte[] debugData = frame.getDebugData();
final String debugInfo = debugData.length > 0
        ? new String(debugData, UTF_8)
        : "";

...

streams.forEach((id, stream) -> {
    if (id > lastProcessedStream) {
        stream.closeAsUnprocessed();
        numUnprocessed.incrementAndGet();
    }
});
...
// closes the connection as well as the rest of the (processed) streams
close(Http2TerminationCause.forH2Error(errorCode, errorMsg));

I haven't tested this myself.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2610351685

From vyazici at openjdk.org  Thu Dec 11 12:14:18 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 11 Dec 2025 12:14:18 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v5]
In-Reply-To: <UeIhZpVXoybWA6VHT00wdoQKTZZ7Hf8eAMZ0WVAk_Vg=.6a80d8ad-e7a5-4dc8-bdc1-7853891a8c7d@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <OvgsFHHMK8elrse4NWJa1afM6CJLNQae_3y0MTfxLHY=.79381b1d-0787-47cf-a9bd-5ed262159b8d@github.com>
 <lM3npf2h8qUprHWp2V8q04nKHbk1LMki7Jua5XBd7GE=.055d936e-0894-4d95-9eab-52d6f0921f01@github.com>
 <k8x5MTNn8ule8YHCT75Vlznw2Cgo06f8eQhuOA16vfo=.516fc389-ddc4-4dab-997e-440aa44facc2@github.com>
 <UeIhZpVXoybWA6VHT00wdoQKTZZ7Hf8eAMZ0WVAk_Vg=.6a80d8ad-e7a5-4dc8-bdc1-7853891a8c7d@github.com>
Message-ID: <Tu3wsNya2fX1afPdMgZ8xBCVJ6P87sAfXdWk7vdETko=.e9ef96d1-4dd3-461d-a9e8-0bfbdd3f2d8f@github.com>

On Wed, 10 Dec 2025 19:54:58 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Doh! Very good catch. I've fixed this in 024e355f034. I've copied the `errorHandler` we pass to `ResponseSubscribers::getBodyAsync`. Note that I've slightly changed the `errorHandler` to have a `finally` block:
>> 
>> 
>> try {
>>     subscriber.onError(error);
>>     cf.completeExceptionally(error);
>> } finally {
>>     asyncReceiver.setRetryOnError(false);
>>     asyncReceiver.onReadError(error);
>> }
>> 
>> 
>> This is what the `executor.execute(() -> ...)` block does too, which I presume to guard against misbehaving `subscriber::onError` and `cf::completeExceptionally`.
>> 
>> @dfuch, I'm not resolving this conversation yet. Would you mind reviewing 024e355f034 and letting me know if it is okay, please?
>
> Looks OK - out of curiosity, is the try-finally simple hygienic or did you observe a case where it was required?

@djelinski also DM'ed me about the same questions yesterday. I unfortunately don't have a very satisfactory answer with complete certainty. In short, I've copied the existing convention in the area that I touched.

1. This convention ? having `subscriber.onError(error)` and `cf.completeExceptionally(error)` in `try`, and `asyncReceiver.setRetryOnError(false)` and `asyncReceiver.onReadError(error)` in `finally` ? was already present in the code before my changes.
2. Even though the handler passed to `ResponseSubscribers.getBodyAsync` did not have a `try`/`finally`, I did not opt for no-`try`/`finally` in `errorNotifier`, because AFAICT, `ResponseSubscribers.getBodyAsync` appears like an oversight, and all earlier lines always had `asyncReceiver.onReadError(error)` and `subscriber.onError(error)` in `finally`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28431#discussion_r2610351303

From dfuchs at openjdk.org  Thu Dec 11 12:20:58 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 11 Dec 2025 12:20:58 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <BndLC_nidHSFM7gbQ5sLMESD2qWNNaY2QpYuYNaf5Gs=.10801f9a-693f-445d-aa8e-17ed8c4d8012@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <BndLC_nidHSFM7gbQ5sLMESD2qWNNaY2QpYuYNaf5Gs=.10801f9a-693f-445d-aa8e-17ed8c4d8012@github.com>
Message-ID: <RhlevVJVw1OVgwSRQndFn0VXNcKLGwq-LURt_Vsg3rE=.0494d79b-2868-4b2f-960b-c007b5e3b1df@github.com>

On Thu, 11 Dec 2025 12:11:46 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest
>
> src/java.net.http/share/classes/jdk/internal/net/http/Http2Connection.java line 1473:
> 
>> 1471:                 numUnprocessed.incrementAndGet();
>> 1472:             } else {
>> 1473:                 stream.connectionClosing(cause.getCloseCause());
> 
> Hello @ehs208, I think this should be done a bit differently. Here we are merely constructing a `TerminationCause` and then closing the streams with that termination cause. But that doesn't guarantee that the connection will have been closed with this termination cause. I think what we should do here is merely mark the unprocessed streams with closeAsUnprocessed() and then just call `close(Http2TerminationCause.forH2Error(errorCode, errorMsg);`. The implementation of the `Http2Connection.Terminator.doTerminate()` already has the necessary logic to close all these (processed) streams with the termination cause. So I think this code should look something like:
> 
> final byte[] debugData = frame.getDebugData();
> final String debugInfo = debugData.length > 0
>         ? new String(debugData, UTF_8)
>         : "";
> 
> ...
> 
> streams.forEach((id, stream) -> {
>     if (id > lastProcessedStream) {
>         stream.closeAsUnprocessed();
>         numUnprocessed.incrementAndGet();
>     }
> });
> ...
> // closes the connection as well as the rest of the (processed) streams
> close(Http2TerminationCause.forH2Error(errorCode, errorMsg));
> 
> I haven't tested this myself.

@jaikiran won't the code at line 1483 below (`close(cause)`) ensure that the connection is actually closed?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2610366237

From jpai at openjdk.org  Thu Dec 11 12:21:00 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 11 Dec 2025 12:21:00 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
Message-ID: <E7CSdL5t7RdLPHtBrw_JqlgQa7Xy2wVUFbJT-0d-82Y=.c4a6abd4-7673-4804-aa04-bf471c25fb1c@github.com>

On Wed, 10 Dec 2025 23:34:02 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 105:

> 103:                 .build();
> 104: 
> 105:         URI uri = URI.create("https://localhost:" + port + "/test");

The server constructed in this test (rightly) binds to loopback address. Using `localhost` here can resolve to a different address on some hosts. Please use `URIBuilder` test library class here instead of using `localhost` to construct the URI. Something like:


URI uri = URIBuilder.newBuilder()
        .scheme("https")
        .host(server.getAddress().getAddress())
        .port(server.getAddress().getPort())
        .path("/test")
        .build();

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2610364054

From vyazici at openjdk.org  Thu Dec 11 12:25:21 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 11 Dec 2025 12:25:21 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext"
Message-ID: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>

Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.

### Tips for reviewers

1. Start from `SimpleSSLContext.java`
2. See how `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContext.java` is renamed to `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContextWhiteboxAdapter.java` and how `@compile/module=java.net.http .../SimpleSSLContext.java` JTreg tag is used to inject `SimpleSSLContext`

-------------

Commit messages:
 - Overhaul `SimpleSSLContext` and its usages

Changes: https://git.openjdk.org/jdk/pull/28765/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28765&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8372661
  Stats: 1131 lines in 205 files changed: 83 ins; 712 del; 336 mod
  Patch: https://git.openjdk.org/jdk/pull/28765.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28765/head:pull/28765

PR: https://git.openjdk.org/jdk/pull/28765

From vyazici at openjdk.org  Thu Dec 11 12:25:22 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 11 Dec 2025 12:25:22 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext"
In-Reply-To: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
Message-ID: <-_8Armb1O6HfaLmE8DIlpWHLR1cxUpNvJr2uruKX8ho=.ebd3c950-5e39-4300-ae1c-2baadcaeaf98@github.com>

On Thu, 11 Dec 2025 09:45:54 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.
> 
> ### Tips for reviewers
> 
> 1. Start from `SimpleSSLContext.java`
> 2. See how `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContext.java` is renamed to `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContextWhiteboxAdapter.java` and how `@compile/module=java.net.http .../SimpleSSLContext.java` JTreg tag is used to inject `SimpleSSLContext`

Tier1-2 is clear on 326fd60e352.

test/lib/jdk/test/lib/net/SimpleSSLContext.java line 1:

> 1: /*

[JDK-8372661] suggests `newSSLContext` as the method name, though I opted for `findSSLContext` and `loadSSLContext` method names, because

1. `newSSLContext` clashes with IDEs auto-completion when one types `ClassName.new`
2. `findSSLContext` makes the intent more clear, because we indeed search for a key store file, and then load it
3. `loadSSLContext` makes the intent more clear, because it only and only tries to load an `SSLContext` from the provided key store file; it doesn't do a search or anything else.

[JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661

test/lib/jdk/test/lib/net/SimpleSSLContext.java line 77:

> 75:      * one cannot be loaded
> 76:      */
> 77:     public static SSLContext findSSLContext(String keyStoreFileRelPath, String protocol) {

This is made public to enable loading a key store file from alternative locations, which is required by whitebox tests.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28765#issuecomment-3641655710
PR Review Comment: https://git.openjdk.org/jdk/pull/28765#discussion_r2609917169
PR Review Comment: https://git.openjdk.org/jdk/pull/28765#discussion_r2609927102

From jpai at openjdk.org  Thu Dec 11 12:27:05 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 11 Dec 2025 12:27:05 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <RhlevVJVw1OVgwSRQndFn0VXNcKLGwq-LURt_Vsg3rE=.0494d79b-2868-4b2f-960b-c007b5e3b1df@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <BndLC_nidHSFM7gbQ5sLMESD2qWNNaY2QpYuYNaf5Gs=.10801f9a-693f-445d-aa8e-17ed8c4d8012@github.com>
 <RhlevVJVw1OVgwSRQndFn0VXNcKLGwq-LURt_Vsg3rE=.0494d79b-2868-4b2f-960b-c007b5e3b1df@github.com>
Message-ID: <dZc437PHjhyPjbleYEpObus9Qh-YsAXB5aVl4ocLHlM=.e17a4dd8-ecfe-4115-9db1-2ee55309d0e8@github.com>

On Thu, 11 Dec 2025 12:16:52 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> src/java.net.http/share/classes/jdk/internal/net/http/Http2Connection.java line 1473:
>> 
>>> 1471:                 numUnprocessed.incrementAndGet();
>>> 1472:             } else {
>>> 1473:                 stream.connectionClosing(cause.getCloseCause());
>> 
>> Hello @ehs208, I think this should be done a bit differently. Here we are merely constructing a `TerminationCause` and then closing the streams with that termination cause. But that doesn't guarantee that the connection will have been closed with this termination cause. I think what we should do here is merely mark the unprocessed streams with closeAsUnprocessed() and then just call `close(Http2TerminationCause.forH2Error(errorCode, errorMsg);`. The implementation of the `Http2Connection.Terminator.doTerminate()` already has the necessary logic to close all these (processed) streams with the termination cause. So I think this code should look something like:
>> 
>> final byte[] debugData = frame.getDebugData();
>> final String debugInfo = debugData.length > 0
>>         ? new String(debugData, UTF_8)
>>         : "";
>> 
>> ...
>> 
>> streams.forEach((id, stream) -> {
>>     if (id > lastProcessedStream) {
>>         stream.closeAsUnprocessed();
>>         numUnprocessed.incrementAndGet();
>>     }
>> });
>> ...
>> // closes the connection as well as the rest of the (processed) streams
>> close(Http2TerminationCause.forH2Error(errorCode, errorMsg));
>> 
>> I haven't tested this myself.
>
> @jaikiran won't the code at line 1483 below (`close(cause)`) ensure that the connection is actually closed?

Hello Daniel, line 1483, does guarantee that the connection will actually get closed (if it isn't already).
In the current proposed form in this PR, the potential issue is that the processed streams are being passed a termination cause (the one from goaway frame), however the connection itself might get closed by a different cause, by the time the close on line 1483 is run. So we can end up in a situation where the connection closure cause is something else and the stream termination cause is something else.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2610388687

From dfuchs at openjdk.org  Thu Dec 11 12:32:38 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 11 Dec 2025 12:32:38 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <dZc437PHjhyPjbleYEpObus9Qh-YsAXB5aVl4ocLHlM=.e17a4dd8-ecfe-4115-9db1-2ee55309d0e8@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <BndLC_nidHSFM7gbQ5sLMESD2qWNNaY2QpYuYNaf5Gs=.10801f9a-693f-445d-aa8e-17ed8c4d8012@github.com>
 <RhlevVJVw1OVgwSRQndFn0VXNcKLGwq-LURt_Vsg3rE=.0494d79b-2868-4b2f-960b-c007b5e3b1df@github.com>
 <dZc437PHjhyPjbleYEpObus9Qh-YsAXB5aVl4ocLHlM=.e17a4dd8-ecfe-4115-9db1-2ee55309d0e8@github.com>
Message-ID: <2rx_Y86pByMIGDiHh6as-JXXcKT60VChR7ud-7RrLyA=.0034a09a-bc3b-4a6b-a2aa-ee069d4e486e@github.com>

On Thu, 11 Dec 2025 12:24:29 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> @jaikiran won't the code at line 1483 below (`close(cause)`) ensure that the connection is actually closed?
>
> Hello Daniel, line 1483, does guarantee that the connection will actually get closed (if it isn't already).
> In the current proposed form in this PR, the potential issue is that the processed streams are being passed a termination cause (the one from goaway frame), however the connection itself might get closed by a different cause, by the time the close on line 1483 is run. So we can end up in a situation where the connection closure cause is something else and the stream termination cause is something else.

Oh - I see - good catch then!

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2610404534

From jpai at openjdk.org  Thu Dec 11 12:36:35 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 11 Dec 2025 12:36:35 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
Message-ID: <sjVI0C-KD6QmyXt-nVIMgevmDabOi8FpBLLM310QeCk=.1995f7ad-2f80-495a-a5c5-d25a5ccdd75c@github.com>

On Wed, 10 Dec 2025 23:34:02 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 113:

> 111:                 request, HttpResponse.BodyHandlers.ofString());
> 112: 
> 113:         if (!goAwaySentLatch.await(Utils.adjustTimeout(5), TimeUnit.SECONDS)) {

I suggest that we replace this with just `goAwaySentLatch.await()`. Our experience with arbitrary timeouts in tests has been that they fail intermittently when those timeouts aren't met. In this case there's no reason for the await() to complete in a specific amount of time. If it doesn't complete for the entire test duration (which by default is 2 minutes), then that very likely is a bug and will need investigation. jtreg test failure handler has the infrastructure to collect the thread dumps when such timeouts happen. So leaving out these arbitrary timeouts helps in such cases. So I think we should change this line to just:


goAwaySentLatch.await();

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 124:

> 122: 
> 123:         CompletableFuture.allOf(first, second, third)
> 124:                 .orTimeout(Utils.adjustTimeout(20), TimeUnit.SECONDS)

Similar to the review comment above, we shouldn't use any timeout here and instead should just wait for the requests to complete.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2610414348
PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2610416068

From jpai at openjdk.org  Thu Dec 11 12:41:58 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 11 Dec 2025 12:41:58 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <sjVI0C-KD6QmyXt-nVIMgevmDabOi8FpBLLM310QeCk=.1995f7ad-2f80-495a-a5c5-d25a5ccdd75c@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <sjVI0C-KD6QmyXt-nVIMgevmDabOi8FpBLLM310QeCk=.1995f7ad-2f80-495a-a5c5-d25a5ccdd75c@github.com>
Message-ID: <ML5OjlmUAcgICpyxfaUIrD_C-w9rv_8YJ6L2qgOlPJc=.7e2defdc-fcbd-421a-af32-9cc8c8032ed7@github.com>

On Thu, 11 Dec 2025 12:33:22 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest
>
> test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 124:
> 
>> 122: 
>> 123:         CompletableFuture.allOf(first, second, third)
>> 124:                 .orTimeout(Utils.adjustTimeout(20), TimeUnit.SECONDS)
> 
> Similar to the review comment above, we shouldn't use any timeout here and instead should just wait for the requests to complete.

On second look, is this entire `allOf(...).join()` even needed? From what I see in the next lines, the test iterates over the CompletableFuture(s) of the requests and join()s on each request waiting for it to complete.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2610435450

From jpai at openjdk.org  Thu Dec 11 12:44:57 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 11 Dec 2025 12:44:57 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
Message-ID: <Y8ls6E6DRq9_DdXgxlb6ww8IZ5LLlHVequQnrLPq7Rs=.bc85faac-02e0-476a-a0be-19ae6463bc20@github.com>

On Wed, 10 Dec 2025 23:34:02 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 139:

> 137:                 if (response.statusCode() == 200) {
> 138:                     successCount++;
> 139:                 }

I think instead of keeping count of the success/failed requests, we should just assertEquals() the statusCode() here for each response. In its current form, we lose information of what the unepxected response status code was, which caused it to fail. So something like:


Assertions.assertEquals(200, response.statusCode(), "unexpected status code");

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2610443100

From dfuchs at openjdk.org  Thu Dec 11 13:06:36 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 11 Dec 2025 13:06:36 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext"
In-Reply-To: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
Message-ID: <VChai_0l1bvp_1UcvuwG_u6CfenLU3Z6TpDmMugZ1GQ=.00298120-c6ce-4668-8eb5-cd155bf67c53@github.com>

On Thu, 11 Dec 2025 09:45:54 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.
> 
> ### Tips for reviewers
> 
> 1. Start from `SimpleSSLContext.java`
> 2. See how `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContext.java` is renamed to `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContextWhiteboxAdapter.java` and how `@compile/module=java.net.http .../SimpleSSLContext.java` JTreg tag is used to inject `SimpleSSLContext`

I would prefer to split this PR into two fixes:

 - a first fix that simply adds the new API to SimpleSSLContext, without removing the old API.
 - a second fix that do all the rest: remove the old API and update the tests.
 
This would allow us to easily backport the first fix, and new tests would not need adaptation when they are later being backported provided that the first fix has been backported first.

You could enjoy using dependent PRs for this :-)

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28765#issuecomment-3641822078

From dfuchs at openjdk.org  Thu Dec 11 13:28:35 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 11 Dec 2025 13:28:35 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v8]
In-Reply-To: <tUfaBqFEGZPd8Im1mPlAFWJVHgHgG6gqdx9n3NQWGJM=.f6831f42-9251-4176-ab81-571a7684a3d9@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <tUfaBqFEGZPd8Im1mPlAFWJVHgHgG6gqdx9n3NQWGJM=.f6831f42-9251-4176-ab81-571a7684a3d9@github.com>
Message-ID: <k-1C_HeScuTTtoKuDL5H3Bd-gF0h-1YIXT3YwMsbL0s=.f08ffe8e-8eec-4961-88ee-4faf412b646c@github.com>

On Tue, 9 Dec 2025 20:28:14 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.
>
> Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 18 commits:
> 
>  - Pull changes from upstream
>  - Merge remote-tracking branch 'upstream/master' into firstValueAsLong
>  - Close connection after `Content-Length` read failure in `Http1Response`
>  - Insert the redundant `Http3Stream` assert back
>  - Introduce dangling `firstValueAsLong("content-length")` calls back
>  - Document `Http1Response::ignoreBody`
>  - Remove redundant `finally`
>  - Use `-1` as default in `Http3ExchangeImpl`
>  - Use `readStatusCode()` in `Http3Stream`
>  - Replace `orElse(null)` with `Optional` usage
>  - ... and 8 more: https://git.openjdk.org/jdk/compare/786833cd...b677820c

src/java.net.http/share/classes/jdk/internal/net/http/Http3ExchangeImpl.java line 1303:

> 1301:                 promiseHeaders, "illegal push headers for pushId=%s: ".formatted(pushId), -1);
> 1302:         if (clen > 0) {
> 1303:             throw new ProtocolException("push headers contain non-zero \"Content-Length\" for pushId=" + pushId);

Nit - the exception for Transfer-Encoding below doesn't have double quotes around Transfer-Encoding. I don't mind adding double quotes here but maybe they should be added below too for consistency.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28431#discussion_r2609814834

From vyazici at openjdk.org  Thu Dec 11 15:05:44 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 11 Dec 2025 15:05:44 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v9]
In-Reply-To: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
Message-ID: <mkTqyziZ7G7JvBkYjA9GOffAGaEEu5cK0EQFe3cQbDg=.6cd827e9-ef65-4c8f-8b1e-fff7c47bfa8e@github.com>

> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.

Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:

  Double-quote `Transfer-Encoding` in exception message

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28431/files
  - new: https://git.openjdk.org/jdk/pull/28431/files/b677820c..1d136049

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28431&range=08
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28431&range=07-08

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28431.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28431/head:pull/28431

PR: https://git.openjdk.org/jdk/pull/28431

From vyazici at openjdk.org  Thu Dec 11 15:05:48 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 11 Dec 2025 15:05:48 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v8]
In-Reply-To: <k-1C_HeScuTTtoKuDL5H3Bd-gF0h-1YIXT3YwMsbL0s=.f08ffe8e-8eec-4961-88ee-4faf412b646c@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <tUfaBqFEGZPd8Im1mPlAFWJVHgHgG6gqdx9n3NQWGJM=.f6831f42-9251-4176-ab81-571a7684a3d9@github.com>
 <k-1C_HeScuTTtoKuDL5H3Bd-gF0h-1YIXT3YwMsbL0s=.f08ffe8e-8eec-4961-88ee-4faf412b646c@github.com>
Message-ID: <T9SJZNCeRzRfUA2Ac_1h5Nfc4cEsQnUeC_34bMyJJnw=.33a11298-0530-44e5-b117-1204e59b6c9d@github.com>

On Thu, 11 Dec 2025 09:21:41 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 18 commits:
>> 
>>  - Pull changes from upstream
>>  - Merge remote-tracking branch 'upstream/master' into firstValueAsLong
>>  - Close connection after `Content-Length` read failure in `Http1Response`
>>  - Insert the redundant `Http3Stream` assert back
>>  - Introduce dangling `firstValueAsLong("content-length")` calls back
>>  - Document `Http1Response::ignoreBody`
>>  - Remove redundant `finally`
>>  - Use `-1` as default in `Http3ExchangeImpl`
>>  - Use `readStatusCode()` in `Http3Stream`
>>  - Replace `orElse(null)` with `Optional` usage
>>  - ... and 8 more: https://git.openjdk.org/jdk/compare/786833cd...b677820c
>
> src/java.net.http/share/classes/jdk/internal/net/http/Http3ExchangeImpl.java line 1303:
> 
>> 1301:                 promiseHeaders, "illegal push headers for pushId=%s: ".formatted(pushId), -1);
>> 1302:         if (clen > 0) {
>> 1303:             throw new ProtocolException("push headers contain non-zero \"Content-Length\" for pushId=" + pushId);
> 
> Nit - the exception for Transfer-Encoding below doesn't have double quotes around Transfer-Encoding. I don't mind adding double quotes here but maybe they should be added below too for consistency.

Double-quoted `Transfer-Encoding` in 1d136049050.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28431#discussion_r2610930631

From dfuchs at openjdk.org  Thu Dec 11 15:14:58 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 11 Dec 2025 15:14:58 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v9]
In-Reply-To: <mkTqyziZ7G7JvBkYjA9GOffAGaEEu5cK0EQFe3cQbDg=.6cd827e9-ef65-4c8f-8b1e-fff7c47bfa8e@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <mkTqyziZ7G7JvBkYjA9GOffAGaEEu5cK0EQFe3cQbDg=.6cd827e9-ef65-4c8f-8b1e-fff7c47bfa8e@github.com>
Message-ID: <uGrxel3phG1TrzDjG-OsJYGcc9_FJfY29_hC1oqd1zE=.d48e4f39-0c3b-49d8-a33c-617c4d1cb5bc@github.com>

On Thu, 11 Dec 2025 15:05:44 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.
>
> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Double-quote `Transfer-Encoding` in exception message

LGTM

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28431#pullrequestreview-3567931890

From michaelm at openjdk.org  Thu Dec 11 16:27:29 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Thu, 11 Dec 2025 16:27:29 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew [v2]
In-Reply-To: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
Message-ID: <wnWw7dxIM3_BROXbB_GcX1hP4q9N2iKWxrXjFB10qlY=.ad8b5f83-8a2b-43f8-9749-1a0e80f67d0e@github.com>

> Hi,
> 
> This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
> Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.
> 
> The only possible places in these files where EINTR can be returned is in the sendto() calls
> for ping4() and ping6() used by the InetAddress.isReachable() API.
> 
> The change checks for EINTR returned from those calls and restarts the sendto()
> if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
> SocketException, but this should not happen.
> 
> The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
> I added a unit test for the new native function that checks if the timeout has expired.
> 
> Thanks,
> Michael

Michael McMahon has updated the pull request incrementally with five additional commits since the last revision:

 - impl update
 - update
 - header file update
 - impl update
 - removed test updated impl

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28750/files
  - new: https://git.openjdk.org/jdk/pull/28750/files/6f6189a9..899a4d5c

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28750&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28750&range=00-01

  Stats: 580 lines in 8 files changed: 21 ins; 521 del; 38 mod
  Patch: https://git.openjdk.org/jdk/pull/28750.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28750/head:pull/28750

PR: https://git.openjdk.org/jdk/pull/28750

From michaelm at openjdk.org  Thu Dec 11 16:27:31 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Thu, 11 Dec 2025 16:27:31 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew
In-Reply-To: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
Message-ID: <QPCKnYC_1KUdw6EokWOft-6zgjAZ6miSkd1gUWq_CEE=.c923f3ae-de90-4852-b50e-07b57fce9257@github.com>

On Wed, 10 Dec 2025 15:29:51 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

> Hi,
> 
> This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
> Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.
> 
> The only possible places in these files where EINTR can be returned is in the sendto() calls
> for ping4() and ping6() used by the InetAddress.isReachable() API.
> 
> The change checks for EINTR returned from those calls and restarts the sendto()
> if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
> SocketException, but this should not happen.
> 
> The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
> I added a unit test for the new native function that checks if the timeout has expired.
> 
> Thanks,
> Michael

I?ve updated the implementation to check for EINTR from all blocking calls and all other system calls specified to be able to return EINTR, though in all cases they are used in non-blocking mode, which means the error is unlikely to occur. The new native function is removed and the test that exercised it also.

There is some reformatting of NET_Wait but no functional changes.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28750#issuecomment-3642724298

From alanb at openjdk.org  Thu Dec 11 17:11:09 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Thu, 11 Dec 2025 17:11:09 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew [v2]
In-Reply-To: <wnWw7dxIM3_BROXbB_GcX1hP4q9N2iKWxrXjFB10qlY=.ad8b5f83-8a2b-43f8-9749-1a0e80f67d0e@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
 <wnWw7dxIM3_BROXbB_GcX1hP4q9N2iKWxrXjFB10qlY=.ad8b5f83-8a2b-43f8-9749-1a0e80f67d0e@github.com>
Message-ID: <H6HdrUgQexFS8Tu9krmE5KuaPPWXa02tT1AsbXWl5zo=.b30105b1-1370-462e-9f01-085623aa0394@github.com>

On Thu, 11 Dec 2025 16:27:29 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

>> Hi,
>> 
>> This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
>> Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.
>> 
>> The only possible places in these files where EINTR can be returned is in the sendto() calls
>> for ping4() and ping6() used by the InetAddress.isReachable() API.
>> 
>> The change checks for EINTR returned from those calls and restarts the sendto()
>> if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
>> SocketException, but this should not happen.
>> 
>> The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
>> I added a unit test for the new native function that checks if the timeout has expired.
>> 
>> Thanks,
>> Michael
>
> Michael McMahon has updated the pull request incrementally with five additional commits since the last revision:
> 
>  - impl update
>  - update
>  - header file update
>  - impl update
>  - removed test updated impl

src/java.base/unix/native/libnet/Inet4AddressImpl.c line 112:

> 110: 
> 111:     NET_RESTARTABLE(error, getaddrinfo(hostname, NULL, &hints, &res),
> 112:                     error != EAI_SYSTEM)

Have you verified that a pthread_kill of a thread blocked in getaddrinfo returns EAI_SYSTEM with errno=EINTR?  I can't be sure from the man page.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28750#discussion_r2611389658

From vyazici at openjdk.org  Thu Dec 11 18:13:26 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 11 Dec 2025 18:13:26 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext" [v2]
In-Reply-To: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
Message-ID: <Gi8BJtIRBoL6dTwuB6ic-0PTBQU16TGkAxbiBY-4d0E=.b461ddca-afc7-4537-9a99-4afa34659f79@github.com>

> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.
> 
> ### Tips for reviewers
> 
> 1. Start from `SimpleSSLContext.java`
> 2. See how `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContext.java` is renamed to `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContextWhiteboxAdapter.java` and how `@compile/module=java.net.http .../SimpleSSLContext.java` JTreg tag is used to inject `SimpleSSLContext`

Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:

  Reverted all changes and only kept `SimpleSSLContext` enhancements

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28765/files
  - new: https://git.openjdk.org/jdk/pull/28765/files/326fd60e..d4c9b312

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28765&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28765&range=00-01

  Stats: 1093 lines in 205 files changed: 734 ins; 54 del; 305 mod
  Patch: https://git.openjdk.org/jdk/pull/28765.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28765/head:pull/28765

PR: https://git.openjdk.org/jdk/pull/28765

From vyazici at openjdk.org  Thu Dec 11 18:17:49 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 11 Dec 2025 18:17:49 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext"
In-Reply-To: <VChai_0l1bvp_1UcvuwG_u6CfenLU3Z6TpDmMugZ1GQ=.00298120-c6ce-4668-8eb5-cd155bf67c53@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
 <VChai_0l1bvp_1UcvuwG_u6CfenLU3Z6TpDmMugZ1GQ=.00298120-c6ce-4668-8eb5-cd155bf67c53@github.com>
Message-ID: <mnUZZcXr3Gyyl_tQ9D8DFjkMgMh7ukh-evmP57f3Q4I=.dc70519b-47bd-4183-b520-21c3739dcd1b@github.com>

On Thu, 11 Dec 2025 13:01:53 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.
>> 
>> ### Tips for reviewers
>> 
>> 1. Start from `SimpleSSLContext.java`
>> 2. See how `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContext.java` is renamed to `test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/SimpleSSLContextWhiteboxAdapter.java` and how `@compile/module=java.net.http .../SimpleSSLContext.java` JTreg tag is used to inject `SimpleSSLContext`
>
> I would prefer to split this PR into two fixes:
> 
>  - a first fix that simply adds the new API to SimpleSSLContext, without removing the old API.
>  - a second fix that do all the rest: remove the old API and update the tests.
>  
> This would allow us to easily backport the first fix, and new tests would not need adaptation when they are later being backported provided that the first fix has been backported first.
> 
> You could enjoy using dependent PRs for this :-)

@dfuch, I've updated the ticket and this PR as follows:

1. Pushed d4c9b3129fc reverting all changes and only keeping `SimpleSSLContext` enhancements, and updated the parent ticket description (i.e., [JDK-8372661]) to reflect this.
2. Created [JDK-8373515] for migrating `test/jdk/java/net/httpclient/`
3. Created [JDK-8373537] for migrating `test/jdk/com/sun/net/httpserver/`
4. Created [JDK-8373538] for migrating the rest, and removing the unused `SimpleSSLContext` methods

[JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661
[JDK-8373515]: https://bugs.openjdk.org/browse/JDK-8373515
[JDK-8373537]: https://bugs.openjdk.org/browse/JDK-8373537
[JDK-8373538]: https://bugs.openjdk.org/browse/JDK-8373538

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28765#issuecomment-3643196386

From vyazici at openjdk.org  Thu Dec 11 18:57:31 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 11 Dec 2025 18:57:31 GMT
Subject: RFR: 8373515: Migrate "test/jdk/java/net/httpclient/" to null-safe
 "SimpleSSLContext" methods
Message-ID: <jODBufbtCDhCiI4q08shMw_DYJQ0HNXkykQPNh4H9uE=.8172693a-46c4-4601-93ac-20fa7cda9842@github.com>

Migrates `test/jdk/java/net/httpclient/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.

[JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661

-------------

Commit messages:
 - Restore `test/jdk/java/net/httpclient/` changes
 - Reverted all changes and only kept `SimpleSSLContext` enhancements
 - Overhaul `SimpleSSLContext` and its usages

Changes: https://git.openjdk.org/jdk/pull/28771/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28771&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373515
  Stats: 1073 lines in 180 files changed: 108 ins; 667 del; 298 mod
  Patch: https://git.openjdk.org/jdk/pull/28771.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28771/head:pull/28771

PR: https://git.openjdk.org/jdk/pull/28771

From vyazici at openjdk.org  Thu Dec 11 18:57:33 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 11 Dec 2025 18:57:33 GMT
Subject: RFR: 8373515: Migrate "test/jdk/java/net/httpclient/" to null-safe
 "SimpleSSLContext" methods
In-Reply-To: <jODBufbtCDhCiI4q08shMw_DYJQ0HNXkykQPNh4H9uE=.8172693a-46c4-4601-93ac-20fa7cda9842@github.com>
References: <jODBufbtCDhCiI4q08shMw_DYJQ0HNXkykQPNh4H9uE=.8172693a-46c4-4601-93ac-20fa7cda9842@github.com>
Message-ID: <tR7OvjyvB9JPDRt6Uq2uVyM9FMPtC4Dsowxgr7XTxno=.0bd79f39-764d-4781-a906-23d536e904a1@github.com>

On Thu, 11 Dec 2025 18:49:12 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Migrates `test/jdk/java/net/httpclient/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.
> 
> [JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661

test/lib/jdk/test/lib/net/SimpleSSLContext.java line 1:

> 1: /*

This file will be provided by [JDK-8372661].

[JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28771#discussion_r2611701126

From dfuchs at openjdk.org  Thu Dec 11 18:57:56 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 11 Dec 2025 18:57:56 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext" [v2]
In-Reply-To: <Gi8BJtIRBoL6dTwuB6ic-0PTBQU16TGkAxbiBY-4d0E=.b461ddca-afc7-4537-9a99-4afa34659f79@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
 <Gi8BJtIRBoL6dTwuB6ic-0PTBQU16TGkAxbiBY-4d0E=.b461ddca-afc7-4537-9a99-4afa34659f79@github.com>
Message-ID: <Z7fx_EDYeK_rwb9vrzxL20Ioz-ItxrGv6QDyBJitVbA=.24e781b1-84e6-4ec6-972e-57e7f58c5612@github.com>

On Thu, 11 Dec 2025 18:13:26 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.
>
> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Reverted all changes and only kept `SimpleSSLContext` enhancements

test/lib/jdk/test/lib/net/SimpleSSLContext.java line 159:

> 157:         }
> 158:     }
> 159: 

I believe you need to keep the `ssl` instance variable here, and return that if not null.  Or set it in the constructor. As we have seen with httpclient test sharing the same context can lead to subtle behavioral difference, so it would be better if this change didn't bring behavioral changes to the old API.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28765#discussion_r2611717420

From djelinski at openjdk.org  Thu Dec 11 18:58:07 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Thu, 11 Dec 2025 18:58:07 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v9]
In-Reply-To: <mkTqyziZ7G7JvBkYjA9GOffAGaEEu5cK0EQFe3cQbDg=.6cd827e9-ef65-4c8f-8b1e-fff7c47bfa8e@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <mkTqyziZ7G7JvBkYjA9GOffAGaEEu5cK0EQFe3cQbDg=.6cd827e9-ef65-4c8f-8b1e-fff7c47bfa8e@github.com>
Message-ID: <mLRlHmYxE49B5DrmXV_eOkuhZL85UyPpE8yA13vHaFY=.d718816e-7085-4eb9-bf54-4c210b651360@github.com>

On Thu, 11 Dec 2025 15:05:44 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.
>
> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Double-quote `Transfer-Encoding` in exception message

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28431#pullrequestreview-3568870225

From michaelm at openjdk.org  Fri Dec 12 09:18:53 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Fri, 12 Dec 2025 09:18:53 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew [v2]
In-Reply-To: <H6HdrUgQexFS8Tu9krmE5KuaPPWXa02tT1AsbXWl5zo=.b30105b1-1370-462e-9f01-085623aa0394@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
 <wnWw7dxIM3_BROXbB_GcX1hP4q9N2iKWxrXjFB10qlY=.ad8b5f83-8a2b-43f8-9749-1a0e80f67d0e@github.com>
 <H6HdrUgQexFS8Tu9krmE5KuaPPWXa02tT1AsbXWl5zo=.b30105b1-1370-462e-9f01-085623aa0394@github.com>
Message-ID: <P_c4XIlCuSvOJkpFmz6USPoui5qY9DCx4W5uc0Oc8cs=.4628df4d-1bdf-4214-a87d-6c9ceed73b1f@github.com>

On Thu, 11 Dec 2025 17:08:24 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> Have you verified that a pthread_kill of a thread blocked in getaddrinfo returns EAI_SYSTEM with errno=EINTR? I can't be sure from the man page.

I will try to verify that.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28750#discussion_r2613497864

From dyama at openjdk.org  Fri Dec 12 09:24:21 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Fri, 12 Dec 2025 09:24:21 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v5]
In-Reply-To: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
Message-ID: <QXEUUOgCKvGBXL_B5BVgCyT4wS03DEiVwE1j9h0RJgU=.ece95c69-82de-4279-9f76-00bbcae5adfe@github.com>

> Hello mainteners,
> 
> I cleaned up inconsistent spacing across the httpserver codebase.  
> 
> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
> 2. Applied the same rule to function and constructor calls.
> 3. Normalised other spacing based on the majority style already used in the codebase.
> 4. Left spots untouched where keeping the spacing improves readability.
> 
> **This PR only adds or removes spaces. No functional changes.**
> 
> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
> I split the commits, so I can easily revert the one that touches the logic.

Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:

  Update copyright year to 2025 in multiple HTTP server files

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28660/files
  - new: https://git.openjdk.org/jdk/pull/28660/files/f4888a4f..8087e2d7

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=04
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=03-04

  Stats: 19 lines in 19 files changed: 0 ins; 0 del; 19 mod
  Patch: https://git.openjdk.org/jdk/pull/28660.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28660/head:pull/28660

PR: https://git.openjdk.org/jdk/pull/28660

From dyama at openjdk.org  Fri Dec 12 09:24:22 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Fri, 12 Dec 2025 09:24:22 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v4]
In-Reply-To: <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>
Message-ID: <1r3BVTneb9oknsSj3BeivjZxhcILu8yUleAbWUOLGX0=.30dd76af-0a9d-4ece-93e1-60a2ed17c2ca@github.com>

On Tue, 9 Dec 2025 11:30:51 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add a missing parenthesis
>   
>   Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>

Thank you for the clarification.
I understand and updated the copyright year in all affected files accordingly.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3645618087

From jpai at openjdk.org  Fri Dec 12 09:37:00 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Fri, 12 Dec 2025 09:37:00 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v4]
In-Reply-To: <1r3BVTneb9oknsSj3BeivjZxhcILu8yUleAbWUOLGX0=.30dd76af-0a9d-4ece-93e1-60a2ed17c2ca@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <fyxgaDX13YJ5QonmI8tzjBbqXvAzRNRFpqYTTtwkAvQ=.60eb7a65-4fd4-4eed-a2ff-8b9ef56333ca@github.com>
 <1r3BVTneb9oknsSj3BeivjZxhcILu8yUleAbWUOLGX0=.30dd76af-0a9d-4ece-93e1-60a2ed17c2ca@github.com>
Message-ID: <YqlSsP16ijO4BBsoPVYNnV5BUIkIj13GF8Zf0YVnaw4=.d33653e4-ad1c-4760-a489-45d142306d19@github.com>

On Fri, 12 Dec 2025 09:16:42 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Add a missing parenthesis
>>   
>>   Co-authored-by: Daniel Jelinski <djelinski1 at gmail.com>
>
> Thank you for the clarification.
> I understand and updated the copyright year in all affected files accordingly.

Thank you for the update @PeyaPeyaPeyang. It looks like the following 8 files were missed from this update and will need a similar change:

src/jdk.httpserver/share/classes/com/sun/net/httpserver/Authenticator.java
src/jdk.httpserver/share/classes/com/sun/net/httpserver/BasicAuthenticator.java
src/jdk.httpserver/share/classes/com/sun/net/httpserver/Filter.java
src/jdk.httpserver/share/classes/com/sun/net/httpserver/spi/HttpServerProvider.java
src/jdk.httpserver/share/classes/sun/net/httpserver/LeftOverInputStream.java
src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
src/jdk.httpserver/share/classes/sun/net/httpserver/SSLStreams.java
src/jdk.httpserver/share/classes/sun/net/httpserver/UnmodifiableHeaders.java

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3645682690

From dyama at openjdk.org  Fri Dec 12 09:42:13 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Fri, 12 Dec 2025 09:42:13 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v5]
In-Reply-To: <QXEUUOgCKvGBXL_B5BVgCyT4wS03DEiVwE1j9h0RJgU=.ece95c69-82de-4279-9f76-00bbcae5adfe@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <QXEUUOgCKvGBXL_B5BVgCyT4wS03DEiVwE1j9h0RJgU=.ece95c69-82de-4279-9f76-00bbcae5adfe@github.com>
Message-ID: <GlPjxAoqrbyZiGJ6A-dvUjvmDtU7TiYFTOwJb9S1iUs=.2c15adc8-f1af-411a-9ed1-df7847b1b385@github.com>

On Fri, 12 Dec 2025 09:24:21 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update copyright year to 2025 in multiple HTTP server files

Thanks for pointing that out, I?ve made the changes.
By the way, for files like `src/jdk.httpserver/share/classes\com\sun\net\httpserver\HttpsExchange.java`, which were last updated in 2020 but still have 2013 in their copyright notice, should I go ahead and update it to 2020 as well?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3645699698

From dyama at openjdk.org  Fri Dec 12 09:55:29 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Fri, 12 Dec 2025 09:55:29 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v6]
In-Reply-To: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
Message-ID: <xEatyrvmJlf680y0ol4Ij27bYf9tdUhCxpTsxl7nFo8=.d2e54044-a9a9-43af-ae4f-9bfc605a3c76@github.com>

> Hello mainteners,
> 
> I cleaned up inconsistent spacing across the httpserver codebase.  
> 
> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
> 2. Applied the same rule to function and constructor calls.
> 3. Normalised other spacing based on the majority style already used in the codebase.
> 4. Left spots untouched where keeping the spacing improves readability.
> 
> **This PR only adds or removes spaces. No functional changes.**
> 
> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
> I split the commits, so I can easily revert the one that touches the logic.

Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:

  Add missed copyright year updates to HTTP server files

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28660/files
  - new: https://git.openjdk.org/jdk/pull/28660/files/8087e2d7..b3524357

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=05
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28660&range=04-05

  Stats: 8 lines in 8 files changed: 0 ins; 0 del; 8 mod
  Patch: https://git.openjdk.org/jdk/pull/28660.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28660/head:pull/28660

PR: https://git.openjdk.org/jdk/pull/28660

From jpai at openjdk.org  Fri Dec 12 09:55:29 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Fri, 12 Dec 2025 09:55:29 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v6]
In-Reply-To: <xEatyrvmJlf680y0ol4Ij27bYf9tdUhCxpTsxl7nFo8=.d2e54044-a9a9-43af-ae4f-9bfc605a3c76@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <xEatyrvmJlf680y0ol4Ij27bYf9tdUhCxpTsxl7nFo8=.d2e54044-a9a9-43af-ae4f-9bfc605a3c76@github.com>
Message-ID: <gQr-twaOfQ5QI6yVq50iQxgsiO6kKSriyFNCFGw9h9s=.47c1506d-c48a-4dcc-a374-2970289b942a@github.com>

On Fri, 12 Dec 2025 09:49:46 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add missed copyright year updates to HTTP server files

Thank you for this clean up, the updates and the patience during the review. This looks good to me.

-------------

Marked as reviewed by jpai (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28660#pullrequestreview-3571105492

From jpai at openjdk.org  Fri Dec 12 09:55:30 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Fri, 12 Dec 2025 09:55:30 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v5]
In-Reply-To: <GlPjxAoqrbyZiGJ6A-dvUjvmDtU7TiYFTOwJb9S1iUs=.2c15adc8-f1af-411a-9ed1-df7847b1b385@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <QXEUUOgCKvGBXL_B5BVgCyT4wS03DEiVwE1j9h0RJgU=.ece95c69-82de-4279-9f76-00bbcae5adfe@github.com>
 <GlPjxAoqrbyZiGJ6A-dvUjvmDtU7TiYFTOwJb9S1iUs=.2c15adc8-f1af-411a-9ed1-df7847b1b385@github.com>
Message-ID: <PbTl3G8451BehaXLuvi1rP-wVlD9M26WdSsVZVQ2zCI=.73da17da-2bcc-4d91-b980-5b5a54fe95e5@github.com>

On Fri, 12 Dec 2025 09:39:08 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

> By the way, for files like src/jdk.httpserver/share/classes\com\sun\net\httpserver\HttpsExchange.java, which were last updated in 2020 but still have 2013 in their copyright notice, should I go ahead and update it to 2020 as well?

That looks like an oversight and does happen once in a while. The current PR doesn't touch that file, so you can leave it as is. When that file is updated for any other changes in future, the copyright year can be updated at that time.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3645713346

From dyama at openjdk.org  Fri Dec 12 09:55:33 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Fri, 12 Dec 2025 09:55:33 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v5]
In-Reply-To: <QXEUUOgCKvGBXL_B5BVgCyT4wS03DEiVwE1j9h0RJgU=.ece95c69-82de-4279-9f76-00bbcae5adfe@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <QXEUUOgCKvGBXL_B5BVgCyT4wS03DEiVwE1j9h0RJgU=.ece95c69-82de-4279-9f76-00bbcae5adfe@github.com>
Message-ID: <LMiUggTOM8Zmaudz1fAoUVScIdROnuIDrQOelBhNqVQ=.a28e71f7-37f7-4f63-9f9a-76c97741ef1e@github.com>

On Fri, 12 Dec 2025 09:24:21 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update copyright year to 2025 in multiple HTTP server files

Got it, thanks for the clarification!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3645716612

From duke at openjdk.org  Fri Dec 12 09:55:34 2025
From: duke at openjdk.org (duke)
Date: Fri, 12 Dec 2025 09:55:34 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v5]
In-Reply-To: <QXEUUOgCKvGBXL_B5BVgCyT4wS03DEiVwE1j9h0RJgU=.ece95c69-82de-4279-9f76-00bbcae5adfe@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <QXEUUOgCKvGBXL_B5BVgCyT4wS03DEiVwE1j9h0RJgU=.ece95c69-82de-4279-9f76-00bbcae5adfe@github.com>
Message-ID: <UpI_VeNuC0hSehHey1Pj4UMC091Urs9iTTa-Y8J-nwQ=.1a1f5efc-2937-4b05-bef9-b7001ca6a7cf@github.com>

On Fri, 12 Dec 2025 09:24:21 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update copyright year to 2025 in multiple HTTP server files

@PeyaPeyaPeyang 
Your change (at version b35243572d2ed8ffe41c67517f0308273ae270df) is now ready to be sponsored by a Committer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3645737285

From dyama at openjdk.org  Fri Dec 12 09:56:19 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Fri, 12 Dec 2025 09:56:19 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v6]
In-Reply-To: <gQr-twaOfQ5QI6yVq50iQxgsiO6kKSriyFNCFGw9h9s=.47c1506d-c48a-4dcc-a374-2970289b942a@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <xEatyrvmJlf680y0ol4Ij27bYf9tdUhCxpTsxl7nFo8=.d2e54044-a9a9-43af-ae4f-9bfc605a3c76@github.com>
 <gQr-twaOfQ5QI6yVq50iQxgsiO6kKSriyFNCFGw9h9s=.47c1506d-c48a-4dcc-a374-2970289b942a@github.com>
Message-ID: <goKf3J26-bgihBsdRamHXE-SyUaqdi8iZTANo_rUwVs=.cd664bcd-7d23-4345-84e0-b2d840c96e9e@github.com>

On Fri, 12 Dec 2025 09:46:38 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

> Thank you for this clean up, the updates and the patience during the review. This looks good to me.

Thanks a lot for all the reviews over time, and thanks to the other reviewers as well.
If the tests go through, it?d be great if you could be a sponsor.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3645748890

From jpai at openjdk.org  Fri Dec 12 10:09:09 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Fri, 12 Dec 2025 10:09:09 GMT
Subject: RFR: 8372746: Some httpserver files could benefit from some
 formatting cleanup [v6]
In-Reply-To: <xEatyrvmJlf680y0ol4Ij27bYf9tdUhCxpTsxl7nFo8=.d2e54044-a9a9-43af-ae4f-9bfc605a3c76@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
 <xEatyrvmJlf680y0ol4Ij27bYf9tdUhCxpTsxl7nFo8=.d2e54044-a9a9-43af-ae4f-9bfc605a3c76@github.com>
Message-ID: <GAgiEIV1OQSYSVisDzfReEUAmnoCyYAM7WElM_6DU3s=.90416522-51a7-4303-8b47-e7c65abd0b2f@github.com>

On Fri, 12 Dec 2025 09:55:29 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

>> Hello mainteners,
>> 
>> I cleaned up inconsistent spacing across the httpserver codebase.  
>> 
>> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
>> 2. Applied the same rule to function and constructor calls.
>> 3. Normalised other spacing based on the majority style already used in the codebase.
>> 4. Left spots untouched where keeping the spacing improves readability.
>> 
>> **This PR only adds or removes spaces. No functional changes.**
>> 
>> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
>> I split the commits, so I can easily revert the one that touches the logic.
>
> Daisuke Yamazaki has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add missed copyright year updates to HTTP server files

I've launched a CI run with these recent updates. One of us will sponsor this PR once that run completes without issues.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28660#issuecomment-3645801363

From dyama at openjdk.org  Fri Dec 12 12:07:13 2025
From: dyama at openjdk.org (Daisuke Yamazaki)
Date: Fri, 12 Dec 2025 12:07:13 GMT
Subject: Integrated: 8372746: Some httpserver files could benefit from some
 formatting cleanup
In-Reply-To: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
References: <IhTcAaktcS_KuOXaAT9IpYGNl3UiMmQxoItHQvfyyV4=.665348a0-de07-46b5-abc0-c68f8158a1dc@github.com>
Message-ID: <uYIV7WB_oEiT0pUqrMeJvBTffWwerhanVz78KXp8bzI=.296d74a4-1dea-44cd-9e40-edcccd595011@github.com>

On Thu, 4 Dec 2025 16:19:07 GMT, Daisuke Yamazaki <dyama at openjdk.org> wrote:

> Hello mainteners,
> 
> I cleaned up inconsistent spacing across the httpserver codebase.  
> 
> 1. Removed extra spaces before parentheses in function and constructor declarations to make them consistent.
> 2. Applied the same rule to function and constructor calls.
> 3. Normalised other spacing based on the majority style already used in the codebase.
> 4. Left spots untouched where keeping the spacing improves readability.
> 
> **This PR only adds or removes spaces. No functional changes.**
> 
> If you think it would have been better to update only the documentation part and leave the logic untouched, please let me know.
> I split the commits, so I can easily revert the one that touches the logic.

This pull request has now been integrated.

Changeset: 180d8c1b
Author:    Daisuke Yamazaki <dyama at openjdk.org>
Committer: Jaikiran Pai <jpai at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/180d8c1b57efb29f8f016843d66daca59bb5934f
Stats:     730 lines in 36 files changed: 0 ins; 1 del; 729 mod

8372746: Some httpserver files could benefit from some formatting cleanup

Reviewed-by: jpai, mikael, michaelm, djelinski, dfuchs

-------------

PR: https://git.openjdk.org/jdk/pull/28660

From djelinski at openjdk.org  Fri Dec 12 12:42:01 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Fri, 12 Dec 2025 12:42:01 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock
Message-ID: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>

This PR fixes a deadlock between the `localConnectionIdManager` and the `connections` map by closing the manager before calling `connections.compute`.

No new tests; the issue requires a complex setup to reproduce, and the new code is easy enough to reason about. Existing tests continue to pass.

-------------

Commit messages:
 - Reorder QuicConnectionImpl check first
 - Add bug ID
 - Avoid calling methods in QUIC package from CHM.compute

Changes: https://git.openjdk.org/jdk/pull/28788/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28788&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373409
  Stats: 57 lines in 2 files changed: 21 ins; 26 del; 10 mod
  Patch: https://git.openjdk.org/jdk/pull/28788.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28788/head:pull/28788

PR: https://git.openjdk.org/jdk/pull/28788

From djelinski at openjdk.org  Fri Dec 12 12:42:01 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Fri, 12 Dec 2025 12:42:01 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock
In-Reply-To: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
Message-ID: <v326L2lJlSdNtplzN0URu2B7h9ezPcCE6dtOsXpB38Y=.7980d20e-8b2c-43e3-bd13-c73679687223@github.com>

On Fri, 12 Dec 2025 12:31:07 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> This PR fixes a deadlock between the `localConnectionIdManager` and the `connections` map by closing the manager before calling `connections.compute`.
> 
> No new tests; the issue requires a complex setup to reproduce, and the new code is easy enough to reason about. Existing tests continue to pass.

I checked all other uses of `CHM.compute` in the `java.net.http` module; most of them are trivially correct. The ones in `AltServiceRegistry` are not trivial, and might need to be replaced with something easier to reason about. I'll look into that.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28788#issuecomment-3646319986

From michaelm at openjdk.org  Fri Dec 12 14:53:17 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Fri, 12 Dec 2025 14:53:17 GMT
Subject: RFR: 8372731: Detailed authentication failure messages [v2]
In-Reply-To: <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
 <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
Message-ID: <GUBP7ksdvm5sAbhqVYjMmC5CqJcSn0wNwt-mEEoKuPY=.8068f6d2-19ef-44ff-8751-a002264b2f7b@github.com>

On Mon, 8 Dec 2025 19:25:23 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
>> 
>> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
>> 
>> This PR adds the original exception as the cause of the "Authentication failure" exception.
>> 
>> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
>> 
>> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.
>
> Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fail test if no exception is thrown

src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java line 351:

> 349:             return null;
> 350:         }
> 351:     }

I was wondering if we should let the exception propagate in these cases as well. Though I think these methods get called primarily through pre-emptive authentication, which is less likely to fail (with an exception). So, maybe they are okay...

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28601#discussion_r2614469045

From michaelm at openjdk.org  Fri Dec 12 15:14:12 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Fri, 12 Dec 2025 15:14:12 GMT
Subject: RFR: 8372731: Detailed authentication failure messages [v2]
In-Reply-To: <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
 <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
Message-ID: <KfPldLnb1GGfR7i3GaVxP2UGqTyxDLF7s6xC8jGsCWU=.abbbd258-2c21-4468-99cd-5478e21266fa@github.com>

On Mon, 8 Dec 2025 19:25:23 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
>> 
>> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
>> 
>> This PR adds the original exception as the cause of the "Authentication failure" exception.
>> 
>> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
>> 
>> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.
>
> Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fail test if no exception is thrown

Looks fine.

-------------

Marked as reviewed by michaelm (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28601#pullrequestreview-3572255373

From vyazici at openjdk.org  Fri Dec 12 18:23:16 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 12 Dec 2025 18:23:16 GMT
Subject: RFR: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException [v9]
In-Reply-To: <uGrxel3phG1TrzDjG-OsJYGcc9_FJfY29_hC1oqd1zE=.d48e4f39-0c3b-49d8-a33c-617c4d1cb5bc@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
 <mkTqyziZ7G7JvBkYjA9GOffAGaEEu5cK0EQFe3cQbDg=.6cd827e9-ef65-4c8f-8b1e-fff7c47bfa8e@github.com>
 <uGrxel3phG1TrzDjG-OsJYGcc9_FJfY29_hC1oqd1zE=.d48e4f39-0c3b-49d8-a33c-617c4d1cb5bc@github.com>
Message-ID: <2YGi3lzYMQuvQd7OIsrmriQtAkDSDtuPxhKugHPfQUg=.8a1b1eeb-6935-44b1-b16a-bfc6b064d6b6@github.com>

On Thu, 11 Dec 2025 15:11:51 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Double-quote `Transfer-Encoding` in exception message
>
> LGTM

@dfuch, @djelinski, thanks so much for your kind assistance and patience.

Tier 1-2 are clear.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28431#issuecomment-3647622304

From vyazici at openjdk.org  Fri Dec 12 18:23:18 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 12 Dec 2025 18:23:18 GMT
Subject: Integrated: 8369595: HttpClient: HttpHeaders.firstValueAsLong failures
 should be converted to ProtocolException
In-Reply-To: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
References: <LzyZCQ6q76WekHFtpgGx84u0C6TfOl-R_EpWMeg6Oac=.2a66207c-a933-4345-bef1-405c12ca2599@github.com>
Message-ID: <0Hq22EWWkiNZ62W54waJzhAe4KV4uNsl3TrL-67d3zE=.678788dc-b85a-4646-bd94-297cd473a63a@github.com>

On Thu, 20 Nov 2025 14:13:50 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Add guards against `HttpHeaders::firstValueAsLong` failures. `H3MalformedResponseTest` is overhauled ? migrated to JUnit, reinforced with exception type tests, etc. ? but not all `firstValueAsLong` changes are verified with new additional tests. `test/jdk/java/net/httpclient/` tests still do pass.

This pull request has now been integrated.

Changeset: b6319f5b
Author:    Volkan Yazici <vyazici at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/b6319f5b42738cc760711a3b8b5d442d14a0ed74
Stats:     674 lines in 7 files changed: 251 ins; 128 del; 295 mod

8369595: HttpClient: HttpHeaders.firstValueAsLong failures should be converted to ProtocolException

Reviewed-by: dfuchs, djelinski

-------------

PR: https://git.openjdk.org/jdk/pull/28431

From vyazici at openjdk.org  Fri Dec 12 18:56:30 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 12 Dec 2025 18:56:30 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext" [v3]
In-Reply-To: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
Message-ID: <bMs3TowpH3ydkNT0LaWq3y5i_K923cMzXj_Ou-k3zuk=.5236b8c9-b82f-40ef-88fa-2e1c04502cce@github.com>

> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.

Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:

  Make sure `get()` returns the same instance

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28765/files
  - new: https://git.openjdk.org/jdk/pull/28765/files/d4c9b312..b52e442f

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28765&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28765&range=01-02

  Stats: 23 lines in 1 file changed: 10 ins; 7 del; 6 mod
  Patch: https://git.openjdk.org/jdk/pull/28765.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28765/head:pull/28765

PR: https://git.openjdk.org/jdk/pull/28765

From vyazici at openjdk.org  Fri Dec 12 18:56:33 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 12 Dec 2025 18:56:33 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext" [v2]
In-Reply-To: <Z7fx_EDYeK_rwb9vrzxL20Ioz-ItxrGv6QDyBJitVbA=.24e781b1-84e6-4ec6-972e-57e7f58c5612@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
 <Gi8BJtIRBoL6dTwuB6ic-0PTBQU16TGkAxbiBY-4d0E=.b461ddca-afc7-4537-9a99-4afa34659f79@github.com>
 <Z7fx_EDYeK_rwb9vrzxL20Ioz-ItxrGv6QDyBJitVbA=.24e781b1-84e6-4ec6-972e-57e7f58c5612@github.com>
Message-ID: <d0Y9aam2CQ0ta6mTdY-c5oy_EKNPBMx-c31xzY7M-jQ=.53c1288f-2bb5-4ba0-898e-5c2a5ece63c2@github.com>

On Thu, 11 Dec 2025 18:55:05 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Reverted all changes and only kept `SimpleSSLContext` enhancements
>
> test/lib/jdk/test/lib/net/SimpleSSLContext.java line 159:
> 
>> 157:         }
>> 158:     }
>> 159: 
> 
> I believe you need to keep the `ssl` instance variable here, and return that if not null.  Or set it in the constructor. As we have seen with httpclient test sharing the same context can lead to subtle behavioral difference, so it would be better if this change didn't bring behavioral changes to the old API.
> 
> In other words - you should be able to assert that:
> 
> 
> new SimpleSSLContext().get() != new SimpleSSLContext().get()
> 
> 
> and that
> 
> 
> var context = new SimpleSLLContex();
> context.get() == context.get();

Right. Introduced `ssl` instance field back in b52e442fe6a.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28765#discussion_r2615246395

From vyazici at openjdk.org  Fri Dec 12 19:03:39 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 12 Dec 2025 19:03:39 GMT
Subject: RFR: 8373515: Migrate "test/jdk/java/net/httpclient/" to null-safe
 "SimpleSSLContext" methods [v2]
In-Reply-To: <jODBufbtCDhCiI4q08shMw_DYJQ0HNXkykQPNh4H9uE=.8172693a-46c4-4601-93ac-20fa7cda9842@github.com>
References: <jODBufbtCDhCiI4q08shMw_DYJQ0HNXkykQPNh4H9uE=.8172693a-46c4-4601-93ac-20fa7cda9842@github.com>
Message-ID: <BI91VTDqV86P0H-awqLLZxF3__DwKXxx3Eu1TmOLcus=.cba5edff-6e7d-4bce-9c2a-c7f336f3238e@github.com>

> Migrates `test/jdk/java/net/httpclient/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.
> 
> [JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661

Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:

  Make sure `get()` returns the same instance

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28771/files
  - new: https://git.openjdk.org/jdk/pull/28771/files/381ae11a..74ec5a69

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28771&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28771&range=00-01

  Stats: 23 lines in 1 file changed: 10 ins; 7 del; 6 mod
  Patch: https://git.openjdk.org/jdk/pull/28771.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28771/head:pull/28771

PR: https://git.openjdk.org/jdk/pull/28771

From vyazici at openjdk.org  Fri Dec 12 19:05:24 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 12 Dec 2025 19:05:24 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext" [v4]
In-Reply-To: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
Message-ID: <5lKedsCws1SZ_ATPYksUcXzM2UOuSkqcC6eo6vfmxTM=.521838e4-137c-45ba-aabe-920181248c23@github.com>

> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.

Volkan Yazici has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:

  Make sure `get()` returns the same instance

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28765/files
  - new: https://git.openjdk.org/jdk/pull/28765/files/b52e442f..fa00d901

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28765&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28765&range=02-03

  Stats: 10 lines in 1 file changed: 0 ins; 8 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28765.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28765/head:pull/28765

PR: https://git.openjdk.org/jdk/pull/28765

From vyazici at openjdk.org  Fri Dec 12 19:34:32 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 12 Dec 2025 19:34:32 GMT
Subject: RFR: 8373515: Migrate "test/jdk/java/net/httpclient/" to null-safe
 "SimpleSSLContext" methods [v3]
In-Reply-To: <jODBufbtCDhCiI4q08shMw_DYJQ0HNXkykQPNh4H9uE=.8172693a-46c4-4601-93ac-20fa7cda9842@github.com>
References: <jODBufbtCDhCiI4q08shMw_DYJQ0HNXkykQPNh4H9uE=.8172693a-46c4-4601-93ac-20fa7cda9842@github.com>
Message-ID: <TlGei8QtMCBLH_UsutD4cTTnQYefyhNbik3l5UNRaq4=.a5f85eba-e416-4086-9f25-b00da6d738f8@github.com>

> Migrates `test/jdk/java/net/httpclient/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.
> 
> [JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661

Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains five commits:

 - Merge remote-tracking branch 'upstream/master' into simpleSslHc
 - Make sure `get()` returns the same instance
 - Restore `test/jdk/java/net/httpclient/` changes
 - Reverted all changes and only kept `SimpleSSLContext` enhancements
 - Overhaul `SimpleSSLContext` and its usages

-------------

Changes: https://git.openjdk.org/jdk/pull/28771/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28771&range=02
  Stats: 1080 lines in 180 files changed: 114 ins; 671 del; 295 mod
  Patch: https://git.openjdk.org/jdk/pull/28771.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28771/head:pull/28771

PR: https://git.openjdk.org/jdk/pull/28771

From vyazici at openjdk.org  Fri Dec 12 19:39:12 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 12 Dec 2025 19:39:12 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to null-safe
 "SimpleSSLContext" methods
Message-ID: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>

Migrates `test/jdk/com/sun/net/httpserver/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.

-------------

Commit messages:
 - Restore `test/jdk/com/sun/net/httpserver/` changes
 - Make sure `get()` returns the same instance
 - Reverted all changes and only kept `SimpleSSLContext` enhancements
 - Overhaul `SimpleSSLContext` and its usages

Changes: https://git.openjdk.org/jdk/pull/28800/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28800&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373537
  Stats: 136 lines in 16 files changed: 52 ins; 24 del; 60 mod
  Patch: https://git.openjdk.org/jdk/pull/28800.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28800/head:pull/28800

PR: https://git.openjdk.org/jdk/pull/28800

From vyazici at openjdk.org  Fri Dec 12 19:39:13 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 12 Dec 2025 19:39:13 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods
In-Reply-To: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
Message-ID: <8XiB8IwBDDaQ6FcLtBcqeGDk_tOEjTX4bFChmvS6Fts=.a93268c3-6979-4595-a143-f1e31dc38aaa@github.com>

On Fri, 12 Dec 2025 19:31:15 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Migrates `test/jdk/com/sun/net/httpserver/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.

test/lib/jdk/test/lib/net/SimpleSSLContext.java line 1:

> 1: /*

This file will be provided by [JDK-8372661].

[JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28800#discussion_r2615352390

From duke at openjdk.org  Sat Dec 13 04:40:54 2025
From: duke at openjdk.org (EunHyunsu)
Date: Sat, 13 Dec 2025 04:40:54 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
Message-ID: <wYgpM_9x8dc39fN_gBc84DuyINPd1Rso08uQyNFoJrM=.fcabb205-3e56-4316-a44a-bd79d1ca006d@github.com>

On Wed, 10 Dec 2025 23:34:02 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest

@jaikiran Thank you for the detailed review! I've addressed all your feedback:

1. **Http2Connection.java**: Removed the `else` block so `close(cause)` ? `doTerminate()` handles processed streams. This ensures connection closure cause and stream termination cause are consistent.

2. **GoAwayWithErrorTest.java**:
- Using `URIBuilder` with server's actual address instead of "localhost"
- Removed timeout from `goAwaySentLatch.await()`
- Removed entire `allOf().orTimeout().join()` block
- Replaced success counting with direct `assertEquals(200, response.statusCode())`

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3648915702

From duke at openjdk.org  Sat Dec 13 05:18:57 2025
From: duke at openjdk.org (EunHyunsu)
Date: Sat, 13 Dec 2025 05:18:57 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v8]
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:

  8371903: Address code review feedback

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28632/files
  - new: https://git.openjdk.org/jdk/pull/28632/files/6068c1f9..566dfe23

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=07
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=06-07

  Stats: 26 lines in 2 files changed: 6 ins; 15 del; 5 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From duke at openjdk.org  Sat Dec 13 05:18:59 2025
From: duke at openjdk.org (Christoph =?UTF-8?B?TMOkdWJyaWNo?=)
Date: Sat, 13 Dec 2025 05:18:59 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
Message-ID: <DNHmyRO9FLH4jBLCIjVNH5BedY04s6mz8DLYp-_Yk5c=.7d738e4e-346c-405e-8331-7a56e187368d@github.com>

On Wed, 10 Dec 2025 23:34:02 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest

test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 162:

> 160:                         && goawayError.getMessage().contains("0x1")
> 161:                         && goawayError.getMessage().contains(DEBUG_MESSAGE),
> 162:                 "Failed request should contain GOAWAY error details: " + goawayError.getMessage());

I think this test assertion alone already shows that a client has only the chance to use String parsing what I think is bad (both for test and for production code).

If its not planned to have an own public type, can it at least be an internal exception type that can be used in the test?
Maybe a Http2ProtocolError?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2616080209

From duke at openjdk.org  Sun Dec 14 11:42:00 2025
From: duke at openjdk.org (EunHyunsu)
Date: Sun, 14 Dec 2025 11:42:00 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <DNHmyRO9FLH4jBLCIjVNH5BedY04s6mz8DLYp-_Yk5c=.7d738e4e-346c-405e-8331-7a56e187368d@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <DNHmyRO9FLH4jBLCIjVNH5BedY04s6mz8DLYp-_Yk5c=.7d738e4e-346c-405e-8331-7a56e187368d@github.com>
Message-ID: <ooc548YvpVY5khiofydNljPcgXk-2KsTSslc8SgAeP4=.10092dd9-0847-4055-a915-6077d1c3336b@github.com>

On Sat, 13 Dec 2025 05:12:33 GMT, Christoph L?ubrich <duke at openjdk.org> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest
>
> test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 162:
> 
>> 160:                         && goawayError.getMessage().contains("0x1")
>> 161:                         && goawayError.getMessage().contains(DEBUG_MESSAGE),
>> 162:                 "Failed request should contain GOAWAY error details: " + goawayError.getMessage());
> 
> I think this test assertion alone already shows that a client has only the chance to use String parsing what I think is bad (both for test and for production code).
> 
> If its not planned to have an own public type, can it at least be an internal exception type that can be used in the test?
> Maybe a Http2ProtocolError?

@laeubi I appreciate your suggestion about semantic error handling. I looked into how HTTP/3 handles similar cases for consistency.

HTTP/3 tests also use string parsing to verify error messages. For example, in `test/jdk/java/net/httpclient/http3/H3ErrorHandlingTest.java:954-955`:


assertTrue(cause.getMessage().contains(reason),
        cause.getMessage() + " does not contain " + reason);

This pattern is used throughout HTTP/3 tests (e.g., verifying "INTERNAL_ERROR", "CRYPTO_ERROR", "H3_EXCESSIVE_LOAD" in error messages).

As @djelinski mentioned, this PR brings HTTP/2 error handling to parity with HTTP/3's current approach. I agree that a specialized exception type would be valuable, but it would ideally be done consistently across both HTTP/2 and HTTP/3 as a future enhancement.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2616948240

From djelinski at openjdk.org  Mon Dec 15 08:43:14 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 15 Dec 2025 08:43:14 GMT
Subject: RFR: 8372731: Detailed authentication failure messages [v2]
In-Reply-To: <KfPldLnb1GGfR7i3GaVxP2UGqTyxDLF7s6xC8jGsCWU=.abbbd258-2c21-4468-99cd-5478e21266fa@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
 <4eygl2bAHZMuUzR1SPpNZ54FxFOqodObZN7-yBi_hZ0=.db3d79c4-2f30-4116-8f20-55fe02c3c46e@github.com>
 <KfPldLnb1GGfR7i3GaVxP2UGqTyxDLF7s6xC8jGsCWU=.abbbd258-2c21-4468-99cd-5478e21266fa@github.com>
Message-ID: <zHhlmitHGazVbRNINsxW26EkeGyGq-8SXFqRDxEioOw=.cb4fb2a3-75d2-494c-af96-91a4a1944c8f@github.com>

On Fri, 12 Dec 2025 15:11:18 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

>> Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Fail test if no exception is thrown
>
> Looks fine.

Thanks @Michael-Mc-Mahon for the review and @dfuch for the re-review.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28601#issuecomment-3654436005

From djelinski at openjdk.org  Mon Dec 15 08:43:16 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 15 Dec 2025 08:43:16 GMT
Subject: Integrated: 8372731: Detailed authentication failure messages
In-Reply-To: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
References: <fvHfrucuAov7QALJBjWsVyeWJs4wfTm8pxJSh7zW_-E=.a678e9cb-8667-4d91-83c0-2310872507ab@github.com>
Message-ID: <PrDhj5D-6HucIFYZa3sKteNXEMt9swZXxhFOJRdmF9E=.479f3a0f-e509-474c-92ad-dac1d8db386e@github.com>

On Tue, 2 Dec 2025 11:39:23 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
> 
> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
> 
> This PR adds the original exception as the cause of the "Authentication failure" exception.
> 
> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
> 
> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.

This pull request has now been integrated.

Changeset: 895232fc
Author:    Daniel Jeli?ski <djelinski at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/895232fc65cab9ba3863b48cab27b688096a7435
Stats:     303 lines in 10 files changed: 218 ins; 27 del; 58 mod

8372731: Detailed authentication failure messages

Reviewed-by: dfuchs, michaelm

-------------

PR: https://git.openjdk.org/jdk/pull/28601

From dfuchs at openjdk.org  Mon Dec 15 09:15:49 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 09:15:49 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock
In-Reply-To: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
Message-ID: <Ga8M2U1Lq6kHT7yjjmpcnU1cQedvflyWp0AJByHU2jo=.60f47eab-97f9-40a6-96d6-efce0f84fdbf@github.com>

On Fri, 12 Dec 2025 12:31:07 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> This PR fixes a deadlock between the `localConnectionIdManager` and the `connections` map by closing the manager before calling `connections.compute`.
> 
> No new tests; the issue requires a complex setup to reproduce, and the new code is easy enough to reason about. Existing tests continue to pass.

src/java.net.http/share/classes/jdk/internal/net/http/quic/QuicEndpoint.java line 1593:

> 1591:         // we can ignore stateless reset in the draining state.
> 1592:         remapPeerIssuedResetToken(connection, draining);
> 1593:         draining.startTimer();

shouldn't we start the timer only if the connection has been added, and therefore call startTimer in compute?

src/java.net.http/share/classes/jdk/internal/net/http/quic/QuicEndpoint.java line 1630:

> 1628:         var closingConnection = new ClosingConnection(connection.connectionIds(), idleTimeout, datagram);
> 1629:         remapPeerIssuedResetToken(connection, closingConnection);
> 1630:         closingConnection.startTimer();

Same question here.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28788#discussion_r2618578014
PR Review Comment: https://git.openjdk.org/jdk/pull/28788#discussion_r2618586753

From dfuchs at openjdk.org  Mon Dec 15 09:26:14 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 09:26:14 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext" [v4]
In-Reply-To: <5lKedsCws1SZ_ATPYksUcXzM2UOuSkqcC6eo6vfmxTM=.521838e4-137c-45ba-aabe-920181248c23@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
 <5lKedsCws1SZ_ATPYksUcXzM2UOuSkqcC6eo6vfmxTM=.521838e4-137c-45ba-aabe-920181248c23@github.com>
Message-ID: <0E4MYv9wtZpm4aBKSaTrCxaqi_YLjYneCjDHrnErfbc=.01907b2c-87d6-42ba-b79e-34d98c16f930@github.com>

On Fri, 12 Dec 2025 19:05:24 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.
>
> Volkan Yazici has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
> 
>   Make sure `get()` returns the same instance

LGTM. It would be good to have someone from security-libs review this too.

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28765#pullrequestreview-3577204866

From dfuchs at openjdk.org  Mon Dec 15 09:37:33 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 09:37:33 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock
In-Reply-To: <v326L2lJlSdNtplzN0URu2B7h9ezPcCE6dtOsXpB38Y=.7980d20e-8b2c-43e3-bd13-c73679687223@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
 <v326L2lJlSdNtplzN0URu2B7h9ezPcCE6dtOsXpB38Y=.7980d20e-8b2c-43e3-bd13-c73679687223@github.com>
Message-ID: <fb7uBfChNeHF35I6rPN38boqMnKuQrwnWYBuvHdp0Ww=.23008312-aa62-4798-ab60-fb370843d65f@github.com>

On Fri, 12 Dec 2025 12:37:10 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> I checked all other uses of `CHM.compute` in the `java.net.http` module; most of them are trivially correct. The ones in `AltServiceRegistry` are not trivial, and might need to be replaced with something easier to reason about. I'll look into that.
> 
> EDIT - checked the `AltServiceRegistry`; `compute` is only used on a (non-concurrent) HashMap while holding a lock, and the lambdas only use functions internal to the registry. This should be fine as well.

Thanks for checking the other uses of `CHM.compute` @djelinski !

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28788#issuecomment-3654660513

From myankelevich at openjdk.org  Mon Dec 15 09:59:03 2025
From: myankelevich at openjdk.org (Mikhail Yankelevich)
Date: Mon, 15 Dec 2025 09:59:03 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods
In-Reply-To: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
Message-ID: <jQfz-mbbexuGkSM-xR3DZC43L3fDZJOHXanq0drVLrw=.807922d0-e56e-4eab-b9c5-5cc08e133a6c@github.com>

On Fri, 12 Dec 2025 19:31:15 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Migrates `test/jdk/com/sun/net/httpserver/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.

test/jdk/com/sun/net/httpserver/HttpsParametersClientAuthTest.java line 172:

> 170:         // by the server
> 171:         final SSLContext serverSSLCtx = new SimpleSSLContext().get();
> 172:         assertNotNull(serverSSLCtx, "could not create SSLContext");

Minor: Do you think this might still happen? What do you think about adding this as a part of the first run test in case the initialisation fails? Just for debugging convenience

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28800#discussion_r2618729960

From djelinski at openjdk.org  Mon Dec 15 10:01:13 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Mon, 15 Dec 2025 10:01:13 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock
In-Reply-To: <Ga8M2U1Lq6kHT7yjjmpcnU1cQedvflyWp0AJByHU2jo=.60f47eab-97f9-40a6-96d6-efce0f84fdbf@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
 <Ga8M2U1Lq6kHT7yjjmpcnU1cQedvflyWp0AJByHU2jo=.60f47eab-97f9-40a6-96d6-efce0f84fdbf@github.com>
Message-ID: <Tv59xcIRRvsZCCs4A-qhlMc6uPVek7rfZd1A11i2hV0=.ce1e2bee-e767-4d64-8b18-0b78dafbfd3e@github.com>

On Mon, 15 Dec 2025 09:10:21 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> This PR fixes a deadlock between the `localConnectionIdManager` and the `connections` map by closing the manager before calling `connections.compute`.
>> 
>> No new tests; the issue requires a complex setup to reproduce, and the new code is easy enough to reason about. Existing tests continue to pass.
>
> src/java.net.http/share/classes/jdk/internal/net/http/quic/QuicEndpoint.java line 1593:
> 
>> 1591:         // we can ignore stateless reset in the draining state.
>> 1592:         remapPeerIssuedResetToken(connection, draining);
>> 1593:         draining.startTimer();
> 
> shouldn't we start the timer only if the connection has been added, and therefore call startTimer in compute?

I'd rather not call this from compute; every method called from the compute lambda increases the risk of reintroducing the deadlock, so I'd like to keep the lambda to a minimum.

Most of the time the connection will be added; the only case where it won't is when there are multiple threads attempting to close the connection in parallel. The timer task only removes the connection from the endpoint, so, worst case, we will remove the connection IDs and the reset tokens twice. The second removal will likely be a no-op, unless we somehow manage to reassign the IDs or the tokens to a different connection.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28788#discussion_r2618740481

From dfuchs at openjdk.org  Mon Dec 15 10:56:33 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 10:56:33 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock
In-Reply-To: <Tv59xcIRRvsZCCs4A-qhlMc6uPVek7rfZd1A11i2hV0=.ce1e2bee-e767-4d64-8b18-0b78dafbfd3e@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
 <Ga8M2U1Lq6kHT7yjjmpcnU1cQedvflyWp0AJByHU2jo=.60f47eab-97f9-40a6-96d6-efce0f84fdbf@github.com>
 <Tv59xcIRRvsZCCs4A-qhlMc6uPVek7rfZd1A11i2hV0=.ce1e2bee-e767-4d64-8b18-0b78dafbfd3e@github.com>
Message-ID: <T89vgiM1g_zvhHaZxqCr74h0lIpnQU8zHOL2WFqXJeo=.39e6213b-d664-4be5-bb7a-bcccecf496d7@github.com>

On Mon, 15 Dec 2025 09:58:08 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> src/java.net.http/share/classes/jdk/internal/net/http/quic/QuicEndpoint.java line 1593:
>> 
>>> 1591:         // we can ignore stateless reset in the draining state.
>>> 1592:         remapPeerIssuedResetToken(connection, draining);
>>> 1593:         draining.startTimer();
>> 
>> shouldn't we start the timer only if the connection has been added, and therefore call startTimer in compute?
>
> I'd rather not call this from compute; every method called from the compute lambda increases the risk of reintroducing the deadlock, so I'd like to keep the lambda to a minimum.
> 
> Most of the time the connection will be added; the only case where it won't is when there are multiple threads attempting to close the connection in parallel. The timer task only removes the connection from the endpoint, so, worst case, we will remove the connection IDs and the reset tokens twice. The second removal will likely be a no-op, unless we somehow manage to reassign the IDs or the tokens to a different connection.

A look at `startTimer` lets me think that it should be safe, but OK. I suspect the double removal would not be an issue - IIRC we check with == on the removed connection, but we would be potentially adding an event to the timer queue which will wake up the timer queue for nothing. We could add a boolean field to ClosingConnection that we could set to `true` if the connection is added and check that after compute has been called, and start the timer then. I'll let you decide if it's worth it.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28788#discussion_r2618920915

From jpai at openjdk.org  Mon Dec 15 13:13:16 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 15 Dec 2025 13:13:16 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v8]
In-Reply-To: <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>
Message-ID: <bFjPzf7tuLIK7YFDCAzG0wzaGAexP6F8z4pcr6FZFXs=.bd71f4bc-efca-4b0b-85d2-01604b0f953d@github.com>

On Sat, 13 Dec 2025 05:18:57 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Address code review feedback

Marked as reviewed by jpai (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28632#pullrequestreview-3578113395

From jpai at openjdk.org  Mon Dec 15 13:13:19 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 15 Dec 2025 13:13:19 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <wYgpM_9x8dc39fN_gBc84DuyINPd1Rso08uQyNFoJrM=.fcabb205-3e56-4316-a44a-bd79d1ca006d@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <wYgpM_9x8dc39fN_gBc84DuyINPd1Rso08uQyNFoJrM=.fcabb205-3e56-4316-a44a-bd79d1ca006d@github.com>
Message-ID: <fT7LeciPDYuFtDJaxTb24dCSgYtuydnYTYXPajr2-TA=.6b748eb1-39b5-4421-b3ae-f54228c4e857@github.com>

On Sat, 13 Dec 2025 04:38:25 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8371903: Use Utils.adjustTimeout() in GoAwayWithErrorTest
>
> @jaikiran Thank you for the detailed review! I've addressed all your feedback:
> 
> 1. **Http2Connection.java**: Removed the `else` block so `close(cause)` ? `doTerminate()` handles processed streams. This ensures connection closure cause and stream termination cause are consistent.
> 
> 2. **GoAwayWithErrorTest.java**:
> - Using `URIBuilder` with server's actual address instead of "localhost"
> - Removed timeout from `goAwaySentLatch.await()`
> - Removed entire `allOf().orTimeout().join()` block
> - Replaced success counting with direct `assertEquals(200, response.statusCode())`

Thank you @ehs208 for these updates. The changes look good to me. I'll run the latest changes in our CI to make sure this continues to pass.

On a related note, have you run tier2 locally with these changes? The GitHub actions job only run tier1 and networking tests aren't covered in that. It would be good to run tier2 on your local setup too - that way any future contributions in this area can be tested locally to verify that changes don't break unexpected existing tests.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3655560537

From mbaesken at openjdk.org  Mon Dec 15 13:23:47 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Mon, 15 Dec 2025 13:23:47 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
Message-ID: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>

We have a Linux machine with IPV6 disabled.
There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
Error is

java.lang.RuntimeException: Server failed to start.
at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:565)
at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
at java.base/java.lang.Thread.run(Thread.java:1516)
Caused by: java.net.SocketException: Protocol family unavailable


After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .

-------------

Commit messages:
 - JDK-8373676

Changes: https://git.openjdk.org/jdk/pull/28825/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28825&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373676
  Stats: 16 lines in 2 files changed: 11 ins; 0 del; 5 mod
  Patch: https://git.openjdk.org/jdk/pull/28825.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28825/head:pull/28825

PR: https://git.openjdk.org/jdk/pull/28825

From jpai at openjdk.org  Mon Dec 15 13:27:18 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Mon, 15 Dec 2025 13:27:18 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <ooc548YvpVY5khiofydNljPcgXk-2KsTSslc8SgAeP4=.10092dd9-0847-4055-a915-6077d1c3336b@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <DNHmyRO9FLH4jBLCIjVNH5BedY04s6mz8DLYp-_Yk5c=.7d738e4e-346c-405e-8331-7a56e187368d@github.com>
 <ooc548YvpVY5khiofydNljPcgXk-2KsTSslc8SgAeP4=.10092dd9-0847-4055-a915-6077d1c3336b@github.com>
Message-ID: <z4YKYscbg-xsmmmnibGLMeN60UYrzsux5-ER9u8sumw=.ffc5539c-b88e-4ec7-9d20-b3463ac8a972@github.com>

On Sun, 14 Dec 2025 11:39:12 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> test/jdk/java/net/httpclient/http2/GoAwayWithErrorTest.java line 162:
>> 
>>> 160:                         && goawayError.getMessage().contains("0x1")
>>> 161:                         && goawayError.getMessage().contains(DEBUG_MESSAGE),
>>> 162:                 "Failed request should contain GOAWAY error details: " + goawayError.getMessage());
>> 
>> I think this test assertion alone already shows that a client has only the chance to use String parsing what I think is bad (both for test and for production code).
>> 
>> If its not planned to have an own public type, can it at least be an internal exception type that can be used in the test?
>> Maybe a Http2ProtocolError?
>
> @laeubi I appreciate your suggestion about semantic error handling. I looked into how HTTP/3 handles similar cases for consistency.
> 
> HTTP/3 tests also use string parsing to verify error messages. For example, in `test/jdk/java/net/httpclient/http3/H3ErrorHandlingTest.java:954-955`:
> 
> 
> assertTrue(cause.getMessage().contains(reason),
>         cause.getMessage() + " does not contain " + reason);
> 
> This pattern is used throughout HTTP/3 tests (e.g., verifying "INTERNAL_ERROR", "CRYPTO_ERROR", "H3_EXCESSIVE_LOAD" in error messages).
> 
> As @djelinski mentioned, this PR brings HTTP/2 error handling to parity with HTTP/3's current approach. I agree that a specialized exception type would be valuable, but it would ideally be done consistently across both HTTP/2 and HTTP/3 as a future enhancement.

Hello Christoph,

> I think this test assertion alone already shows that a client has only the chance to use String parsing what I think is bad (both for test and for production code).

The API specification of HttpClient for send/sendAsync currently only specify IOException with no specific expectations of HTTP protocol specific exception types. In several areas of the JDK tests, when necessary, we do check the exception messages to be sure that we are testing the right failure/exception. Of course, any changes to those internal exception messages would require updates to related tests.

> If its not planned to have an own public type, can it at least be an internal exception type that can be used in the test?
Maybe a Http2ProtocolError?

Your suggestion is valid one . Like Daniel has noted, we do have plans to propagate certain HTTP protocol specific error details to the application from the HttpClient send/sendAsync APIs, and I think we see the value in doing that. It will require specification updates (which is fine) and will require some more thoughts on how we want to do it. For example GOAWAY is specific to HTTP/2 and HTTP/3 whereas the HttpClient supports HTTP/1.1 too. So it will require some thoughts on how we specify such exceptions for these APIs.

I will check our JDK issue tracker to see if we have already filed an issue for this and if not, I'll file an enhancement and link it here.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2619427409

From dfuchs at openjdk.org  Mon Dec 15 13:35:22 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 13:35:22 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
Message-ID: <GPXU7XE2VCaDokljil06gLI2e2-1Rpq7h_XXWZuYx-A=.aae7add8-a7ba-4543-b219-2a02dd76898f@github.com>

On Mon, 15 Dec 2025 13:15:32 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

> We have a Linux machine with IPV6 disabled.
> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
> Error is
> 
> java.lang.RuntimeException: Server failed to start.
> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
> at java.base/java.lang.Thread.run(Thread.java:1516)
> Caused by: java.net.SocketException: Protocol family unavailable
> 
> 
> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .

src/java.base/unix/native/libnet/net_util_md.c line 288:

> 286:         if (family != java_net_InetAddress_IPv4) {
> 287:             if (ipv6av) {
> 288:                 JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException", "Protocol family ipv6, ipv6 on machine available");

This exception does not really make sense. Are you really sure it's possible to get here?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2619456018

From mbaesken at openjdk.org  Mon Dec 15 13:57:22 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Mon, 15 Dec 2025 13:57:22 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <GPXU7XE2VCaDokljil06gLI2e2-1Rpq7h_XXWZuYx-A=.aae7add8-a7ba-4543-b219-2a02dd76898f@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <GPXU7XE2VCaDokljil06gLI2e2-1Rpq7h_XXWZuYx-A=.aae7add8-a7ba-4543-b219-2a02dd76898f@github.com>
Message-ID: <xUs106qEst70YHSdOM1oaU_f5BeXEyJEWp0ayZUKYc8=.798e491e-a7df-46e8-ae76-00942536ee8e@github.com>

On Mon, 15 Dec 2025 13:32:17 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> We have a Linux machine with IPV6 disabled.
>> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
>> Error is
>> 
>> java.lang.RuntimeException: Server failed to start.
>> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
>> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
>> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
>> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
>> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
>> at java.base/java.lang.Thread.run(Thread.java:1516)
>> Caused by: java.net.SocketException: Protocol family unavailable
>> 
>> 
>> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
>> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .
>
> src/java.base/unix/native/libnet/net_util_md.c line 288:
> 
>> 286:         if (family != java_net_InetAddress_IPv4) {
>> 287:             if (ipv6av) {
>> 288:                 JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException", "Protocol family ipv6, ipv6 on machine available");
> 
> This exception does not really make sense. Are you really sure it's possible to get here?

Looks like to get into the else case starting at line 284 or before the patch like 282 ,  ipv6_available() / ipv6av can be false ; or also the second part of the if check can be false  

!(family == java_net_InetAddress_IPv4 &&  v4MappedAddress == JNI_FALSE))

so we should distinguish the 2 cases. Not sure if this really happens, on our system showing the error we got the other one `Caused by: java.net.SocketException: Protocol family ipv6, ipv6 on machine unavailable`

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2619541006

From mbaesken at openjdk.org  Mon Dec 15 14:09:39 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Mon, 15 Dec 2025 14:09:39 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <xUs106qEst70YHSdOM1oaU_f5BeXEyJEWp0ayZUKYc8=.798e491e-a7df-46e8-ae76-00942536ee8e@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <GPXU7XE2VCaDokljil06gLI2e2-1Rpq7h_XXWZuYx-A=.aae7add8-a7ba-4543-b219-2a02dd76898f@github.com>
 <xUs106qEst70YHSdOM1oaU_f5BeXEyJEWp0ayZUKYc8=.798e491e-a7df-46e8-ae76-00942536ee8e@github.com>
Message-ID: <IE3BkwbroyzmVX1JoHQjL-bP4dsHmYyYaqpjkgf7lOs=.54348961-282d-4a99-b729-28d7097a2a16@github.com>

On Mon, 15 Dec 2025 13:54:49 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> src/java.base/unix/native/libnet/net_util_md.c line 288:
>> 
>>> 286:         if (family != java_net_InetAddress_IPv4) {
>>> 287:             if (ipv6av) {
>>> 288:                 JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException", "Protocol family ipv6, ipv6 on machine available");
>> 
>> This exception does not really make sense. Are you really sure it's possible to get here?
>
> Looks like to get into the else case starting at line 284 or before the patch like 282 ,  ipv6_available() / ipv6av can be false ; or also the second part of the if check can be false  
> 
> !(family == java_net_InetAddress_IPv4 &&  v4MappedAddress == JNI_FALSE))
> 
> so we should distinguish the 2 cases. Not sure if this really happens, on our system showing the error we got the other one `Caused by: java.net.SocketException: Protocol family ipv6, ipv6 on machine unavailable`

Or just  write the old message `"Protocol family unavailable" ` for this case and enhance the else case ?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2619583618

From duke at openjdk.org  Mon Dec 15 14:28:56 2025
From: duke at openjdk.org (Christoph =?UTF-8?B?TMOkdWJyaWNo?=)
Date: Mon, 15 Dec 2025 14:28:56 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <z4YKYscbg-xsmmmnibGLMeN60UYrzsux5-ER9u8sumw=.ffc5539c-b88e-4ec7-9d20-b3463ac8a972@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <DNHmyRO9FLH4jBLCIjVNH5BedY04s6mz8DLYp-_Yk5c=.7d738e4e-346c-405e-8331-7a56e187368d@github.com>
 <ooc548YvpVY5khiofydNljPcgXk-2KsTSslc8SgAeP4=.10092dd9-0847-4055-a915-6077d1c3336b@github.com>
 <z4YKYscbg-xsmmmnibGLMeN60UYrzsux5-ER9u8sumw=.ffc5539c-b88e-4ec7-9d20-b3463ac8a972@github.com>
Message-ID: <wOFNSg5oyh1WYFOCH0d14anu1shIUEcTILik_DawqZI=.fa550429-4dc5-4ae4-aae8-e066330b89e7@github.com>

On Mon, 15 Dec 2025 13:24:27 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

> The API specification of HttpClient for send/sendAsync currently only specify IOException with no specific expectations of HTTP protocol specific exception types

Even though its nice do document all possible subtypes I think its not specifically forbidden (or can be enforced) and there is at least on precedence with `HttpTimeoutException` (and I can think of many more e.g EOFException in general) and `jdk.internal.net.http.common.Utils.toConnectException(Throwable)` even checks for some of those already (and I see none of those explicitly documented).

So I think it not necessarily requires a specification change, for a first step it could even be non public internal types like `jdk.internal.net.http.common.ConnectionExpiredException`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2619659317

From mbaesken at openjdk.org  Mon Dec 15 15:48:36 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Mon, 15 Dec 2025 15:48:36 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <IE3BkwbroyzmVX1JoHQjL-bP4dsHmYyYaqpjkgf7lOs=.54348961-282d-4a99-b729-28d7097a2a16@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <GPXU7XE2VCaDokljil06gLI2e2-1Rpq7h_XXWZuYx-A=.aae7add8-a7ba-4543-b219-2a02dd76898f@github.com>
 <xUs106qEst70YHSdOM1oaU_f5BeXEyJEWp0ayZUKYc8=.798e491e-a7df-46e8-ae76-00942536ee8e@github.com>
 <IE3BkwbroyzmVX1JoHQjL-bP4dsHmYyYaqpjkgf7lOs=.54348961-282d-4a99-b729-28d7097a2a16@github.com>
Message-ID: <hS0P3_OLcsUEDIjO5fTkvzmqq5QSCe_DnCKGrssdZxs=.394e865e-ee52-4820-9266-7cec86b7c0f0@github.com>

On Mon, 15 Dec 2025 14:07:07 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> Looks like to get into the else case starting at line 284 or before the patch like 282 ,  ipv6_available() / ipv6av can be false ; or also the second part of the if check can be false  
>> 
>> !(family == java_net_InetAddress_IPv4 &&  v4MappedAddress == JNI_FALSE))
>> 
>> so we should distinguish the 2 cases. Not sure if this really happens, on our system showing the error we got the other one `Caused by: java.net.SocketException: Protocol family ipv6, ipv6 on machine unavailable`
>
> Or just  write the old message `"Protocol family unavailable" ` for this case and enhance the else case ?

Looking more at the checks,  I think we can always use the exception 
`JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException", "Protocol family ipv6, ipv6 on machine unavailable");`
without the if and else. At least as long as the other if checks do not change. Do you agree?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2619948700

From dfuchs at openjdk.org  Mon Dec 15 15:49:43 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 15:49:43 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <wOFNSg5oyh1WYFOCH0d14anu1shIUEcTILik_DawqZI=.fa550429-4dc5-4ae4-aae8-e066330b89e7@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <DNHmyRO9FLH4jBLCIjVNH5BedY04s6mz8DLYp-_Yk5c=.7d738e4e-346c-405e-8331-7a56e187368d@github.com>
 <ooc548YvpVY5khiofydNljPcgXk-2KsTSslc8SgAeP4=.10092dd9-0847-4055-a915-6077d1c3336b@github.com>
 <z4YKYscbg-xsmmmnibGLMeN60UYrzsux5-ER9u8sumw=.ffc5539c-b88e-4ec7-9d20-b3463ac8a972@github.com>
 <wOFNSg5oyh1WYFOCH0d14anu1shIUEcTILik_DawqZI=.fa550429-4dc5-4ae4-aae8-e066330b89e7@github.com>
Message-ID: <xl2DheCisNXWs9UPG6LkyfAPYfLqXz9DZ_CXNspPbig=.13be1c71-decd-41be-b9c4-d913c93bc4d4@github.com>

On Mon, 15 Dec 2025 14:26:31 GMT, Christoph L?ubrich <duke at openjdk.org> wrote:

>> Hello Christoph,
>> 
>>> I think this test assertion alone already shows that a client has only the chance to use String parsing what I think is bad (both for test and for production code).
>> 
>> The API specification of HttpClient for send/sendAsync currently only specify IOException with no specific expectations of HTTP protocol specific exception types. In several areas of the JDK tests, when necessary, we do check the exception messages to be sure that we are testing the right failure/exception. Of course, any changes to those internal exception messages would require updates to related tests.
>> 
>>> If its not planned to have an own public type, can it at least be an internal exception type that can be used in the test?
>> Maybe a Http2ProtocolError?
>> 
>> Your suggestion is valid one . Like Daniel has noted, we do have plans to propagate certain HTTP protocol specific error details to the application from the HttpClient send/sendAsync APIs, and I think we see the value in doing that. It will require specification updates (which is fine) and will require some more thoughts on how we want to do it. For example GOAWAY is specific to HTTP/2 and HTTP/3 whereas the HttpClient supports HTTP/1.1 too. So it will require some thoughts on how we specify such exceptions for these APIs.
>> 
>> I will check our JDK issue tracker to see if we have already filed an issue for this and if not, I'll file an enhancement and link it here.
>
>> The API specification of HttpClient for send/sendAsync currently only specify IOException with no specific expectations of HTTP protocol specific exception types
> 
> Even though its nice do document all possible subtypes I think its not specifically forbidden (or can be enforced) and there is at least on precedence with `HttpTimeoutException` (and I can think of many more e.g EOFException in general) and `jdk.internal.net.http.common.Utils.toConnectException(Throwable)` even checks for some of those already (and I see none of those explicitly documented).
> 
> So I think it not necessarily requires a specification change, for a first step it could even be non public internal types like `jdk.internal.net.http.common.ConnectionExpiredException`.

Even though there may be some precedents, Internal exception types should not be relayed to user code. In addition introducing new public exception types also introduce new serializable APIs.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28632#discussion_r2619953365

From dfuchs at openjdk.org  Mon Dec 15 15:53:13 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 15:53:13 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <hS0P3_OLcsUEDIjO5fTkvzmqq5QSCe_DnCKGrssdZxs=.394e865e-ee52-4820-9266-7cec86b7c0f0@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <GPXU7XE2VCaDokljil06gLI2e2-1Rpq7h_XXWZuYx-A=.aae7add8-a7ba-4543-b219-2a02dd76898f@github.com>
 <xUs106qEst70YHSdOM1oaU_f5BeXEyJEWp0ayZUKYc8=.798e491e-a7df-46e8-ae76-00942536ee8e@github.com>
 <IE3BkwbroyzmVX1JoHQjL-bP4dsHmYyYaqpjkgf7lOs=.54348961-282d-4a99-b729-28d7097a2a16@github.com>
 <hS0P3_OLcsUEDIjO5fTkvzmqq5QSCe_DnCKGrssdZxs=.394e865e-ee52-4820-9266-7cec86b7c0f0@github.com>
Message-ID: <b71k-yH4CPuQliaUplZjwITaycY0KZVKnVsVPlYbxko=.0981b5ec-0eee-476c-89d4-700a79a9ad69@github.com>

On Mon, 15 Dec 2025 15:45:24 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> Or just  write the old message `"Protocol family unavailable" ` for this case and enhance the else case ?
>
> Looking more at the checks,  I think we can always use the exception 
> `JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException", "Protocol family ipv6, ipv6 on machine unavailable");`
> without the if and else. At least as long as the other if checks do not change. Do you agree?

That's what I would expect. I have not double checked.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2619964759

From dfuchs at openjdk.org  Mon Dec 15 16:22:00 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 16:22:00 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <b71k-yH4CPuQliaUplZjwITaycY0KZVKnVsVPlYbxko=.0981b5ec-0eee-476c-89d4-700a79a9ad69@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <GPXU7XE2VCaDokljil06gLI2e2-1Rpq7h_XXWZuYx-A=.aae7add8-a7ba-4543-b219-2a02dd76898f@github.com>
 <xUs106qEst70YHSdOM1oaU_f5BeXEyJEWp0ayZUKYc8=.798e491e-a7df-46e8-ae76-00942536ee8e@github.com>
 <IE3BkwbroyzmVX1JoHQjL-bP4dsHmYyYaqpjkgf7lOs=.54348961-282d-4a99-b729-28d7097a2a16@github.com>
 <hS0P3_OLcsUEDIjO5fTkvzmqq5QSCe_DnCKGrssdZxs=.394e865e-ee52-4820-9266-7cec86b7c0f0@github.com>
 <b71k-yH4CPuQliaUplZjwITaycY0KZVKnVsVPlYbxko=.0981b5ec-0eee-476c-89d4-700a79a9ad69@github.com>
Message-ID: <asxuOy4YbQUz9M19Q4oaMKBYQrLI_CVsZn4a6XtJC7M=.a6c4b624-7704-49f8-9931-f1c041256c8d@github.com>

On Mon, 15 Dec 2025 15:50:53 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Looking more at the checks,  I think we can always use the exception 
>> `JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException", "Protocol family ipv6, ipv6 on machine unavailable");`
>> without the if and else. At least as long as the other if checks do not change. Do you agree?
>
> That's what I would expect. I have not double checked.

I believe you are right - we enter the if part if:

ipv6 is available AND ( family != IPv4 OR  mapped == true)
=> we either have an IPv6 address or we have an IPv4 address that will be mapped to an IPv6 address

So if we enter the else, either we have an IPv4 address, or we don't. If we don't, then we are here because IPv6 is not available.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2620038083

From myankelevich at openjdk.org  Mon Dec 15 16:31:51 2025
From: myankelevich at openjdk.org (Mikhail Yankelevich)
Date: Mon, 15 Dec 2025 16:31:51 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
Message-ID: <W8y0ui8nnPsC2159fa5IkPkfEbf6RXvZH67WGYqPYK0=.f684bb6b-eda6-40ef-90dd-35381303b126@github.com>

On Mon, 15 Dec 2025 13:15:32 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

> We have a Linux machine with IPV6 disabled.
> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
> Error is
> 
> java.lang.RuntimeException: Server failed to start.
> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
> at java.base/java.lang.Thread.run(Thread.java:1516)
> Caused by: java.net.SocketException: Protocol family unavailable
> 
> 
> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .

Changes requested by myankelevich (Committer).

test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java line 26:

> 24: /*
> 25:  * @test
> 26:  * @bug 8369950

nit: could you please add this bug id to the `@bug` annotation here

-------------

PR Review: https://git.openjdk.org/jdk/pull/28825#pullrequestreview-3579100439
PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2620072446

From dfuchs at openjdk.org  Mon Dec 15 16:39:14 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 16:39:14 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <W8y0ui8nnPsC2159fa5IkPkfEbf6RXvZH67WGYqPYK0=.f684bb6b-eda6-40ef-90dd-35381303b126@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <W8y0ui8nnPsC2159fa5IkPkfEbf6RXvZH67WGYqPYK0=.f684bb6b-eda6-40ef-90dd-35381303b126@github.com>
Message-ID: <IcrBgc7n2A-35H00LRNJcNWcJsEm6VebYrLPKh0OZc4=.8aac2f93-2fc1-42fd-89b5-9d6e0528c8e5@github.com>

On Mon, 15 Dec 2025 16:28:30 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> We have a Linux machine with IPV6 disabled.
>> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
>> Error is
>> 
>> java.lang.RuntimeException: Server failed to start.
>> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
>> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
>> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
>> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
>> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
>> at java.base/java.lang.Thread.run(Thread.java:1516)
>> Caused by: java.net.SocketException: Protocol family unavailable
>> 
>> 
>> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
>> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .
>
> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java line 26:
> 
>> 24: /*
>> 25:  * @test
>> 26:  * @bug 8369950
> 
> nit: could you please add this bug id to the `@bug` annotation here

I don't think that's useful. The implementation changes are unrelated. It could be better to mark the JBS issue with one of the `noreg` labels.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2620096550

From dfuchs at openjdk.org  Mon Dec 15 16:48:29 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 16:48:29 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <IcrBgc7n2A-35H00LRNJcNWcJsEm6VebYrLPKh0OZc4=.8aac2f93-2fc1-42fd-89b5-9d6e0528c8e5@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <W8y0ui8nnPsC2159fa5IkPkfEbf6RXvZH67WGYqPYK0=.f684bb6b-eda6-40ef-90dd-35381303b126@github.com>
 <IcrBgc7n2A-35H00LRNJcNWcJsEm6VebYrLPKh0OZc4=.8aac2f93-2fc1-42fd-89b5-9d6e0528c8e5@github.com>
Message-ID: <gQtozynTdUW9O7FECZplXzP-GvkxIHbAzkUcPp5hf18=.a76753d0-375f-40b4-85b8-34bcefbe171e@github.com>

On Mon, 15 Dec 2025 16:36:14 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> test/jdk/javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java line 26:
>> 
>>> 24: /*
>>> 25:  * @test
>>> 26:  * @bug 8369950
>> 
>> nit: could you please add this bug id to the `@bug` annotation here
>
> I don't think that's useful. The implementation changes are unrelated. It could be better to mark the JBS issue with one of the `noreg` labels.

Maybe it would be best to split out the exception message improvement in a new JBS issue.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2620132777

From dfuchs at openjdk.org  Mon Dec 15 17:46:23 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 17:46:23 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello
Message-ID: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>

The first byte of a SSL ClientHello handshake record is 0x16 (22).
If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.

This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.

-------------

Commit messages:
 - fix whitespace
 - fix copyright year in test
 - add bug id to test
 - 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello

Changes: https://git.openjdk.org/jdk/pull/28827/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373677
  Stats: 207 lines in 3 files changed: 205 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28827.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28827/head:pull/28827

PR: https://git.openjdk.org/jdk/pull/28827

From dfuchs at openjdk.org  Mon Dec 15 17:52:56 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 17:52:56 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v2]
In-Reply-To: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
Message-ID: <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>

> The first byte of a SSL ClientHello handshake record is 0x16 (22).
> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
> 
> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.

Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:

  minor test fix - unused import + obsolete comment

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28827/files
  - new: https://git.openjdk.org/jdk/pull/28827/files/d6d11c8c..d7c25539

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=00-01

  Stats: 3 lines in 1 file changed: 1 ins; 1 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28827.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28827/head:pull/28827

PR: https://git.openjdk.org/jdk/pull/28827

From mbaesken at openjdk.org  Mon Dec 15 19:00:32 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Mon, 15 Dec 2025 19:00:32 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <gQtozynTdUW9O7FECZplXzP-GvkxIHbAzkUcPp5hf18=.a76753d0-375f-40b4-85b8-34bcefbe171e@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <W8y0ui8nnPsC2159fa5IkPkfEbf6RXvZH67WGYqPYK0=.f684bb6b-eda6-40ef-90dd-35381303b126@github.com>
 <IcrBgc7n2A-35H00LRNJcNWcJsEm6VebYrLPKh0OZc4=.8aac2f93-2fc1-42fd-89b5-9d6e0528c8e5@github.com>
 <gQtozynTdUW9O7FECZplXzP-GvkxIHbAzkUcPp5hf18=.a76753d0-375f-40b4-85b8-34bcefbe171e@github.com>
Message-ID: <dEtTMQKPRAi6orNuLtEabIKXhwNIsdE5qAe9p3i-hsg=.8b5c40e8-6892-4067-a1a1-19ac65a76535@github.com>

On Mon, 15 Dec 2025 16:45:58 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> Maybe it would be best to split out the exception message improvement in a new JBS issue.

Sure , we can do this.
I created https://bugs.openjdk.org/browse/JDK-8373704 
Improve SocketException: Protocol family unavailable

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2620493543

From dfuchs at openjdk.org  Mon Dec 15 19:15:08 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 15 Dec 2025 19:15:08 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <dEtTMQKPRAi6orNuLtEabIKXhwNIsdE5qAe9p3i-hsg=.8b5c40e8-6892-4067-a1a1-19ac65a76535@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <W8y0ui8nnPsC2159fa5IkPkfEbf6RXvZH67WGYqPYK0=.f684bb6b-eda6-40ef-90dd-35381303b126@github.com>
 <IcrBgc7n2A-35H00LRNJcNWcJsEm6VebYrLPKh0OZc4=.8aac2f93-2fc1-42fd-89b5-9d6e0528c8e5@github.com>
 <gQtozynTdUW9O7FECZplXzP-GvkxIHbAzkUcPp5hf18=.a76753d0-375f-40b4-85b8-34bcefbe171e@github.com>
 <dEtTMQKPRAi6orNuLtEabIKXhwNIsdE5qAe9p3i-hsg=.8b5c40e8-6892-4067-a1a1-19ac65a76535@github.com>
Message-ID: <11tERRfnXRMmaqyyHVT2BElogJLmhbucUfX-3EXlov8=.0669f859-8b13-4377-9e97-e6a82b7f4be1@github.com>

On Mon, 15 Dec 2025 18:57:31 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> Maybe it would be best to split out the exception message improvement in a new JBS issue.
>
>> Maybe it would be best to split out the exception message improvement in a new JBS issue.
> 
> Sure , we can do this.
> I created https://bugs.openjdk.org/browse/JDK-8373704 
> Improve SocketException: Protocol family unavailable

Thank you Matthias!

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28825#discussion_r2620528126

From dfuchs at openjdk.org  Tue Dec 16 09:15:13 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 16 Dec 2025 09:15:13 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods
In-Reply-To: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
Message-ID: <mX8NFPXM79ptakrqetAzZWqld3KnL4yN2v0AF3BdMSA=.f292d8f5-523f-4bc4-bf74-11c12e706fa2@github.com>

On Fri, 12 Dec 2025 19:31:15 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Migrates `test/jdk/com/sun/net/httpserver/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.

You could maybe have taken advantage of the dependent PR feature here to avoid showing SimpleSSLContext changes in the PR. OK with what you did though. Just a few minor remarks otherwise LGTM.

test/jdk/com/sun/net/httpserver/simpleserver/HttpsServerAlertTest.java line 72:

> 70:             LOGGER.addHandler(ch);
> 71:         }
> 72:         SSLContext.setDefault(sslContext);

You could move that to a static block after line 62 I guess.

test/jdk/com/sun/net/httpserver/simpleserver/HttpsServerTest.java line 80:

> 78:             LOGGER.addHandler(ch);
> 79:         }
> 80:         SSLContext.setDefault(sslContext);

Same here after line 70

-------------

PR Review: https://git.openjdk.org/jdk/pull/28800#pullrequestreview-3582053355
PR Review Comment: https://git.openjdk.org/jdk/pull/28800#discussion_r2622411050
PR Review Comment: https://git.openjdk.org/jdk/pull/28800#discussion_r2622413589

From vyazici at openjdk.org  Tue Dec 16 10:11:40 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Tue, 16 Dec 2025 10:11:40 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods [v2]
In-Reply-To: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
Message-ID: <GZ3zl_QB9oznu-2IAHwQBP5kJCMxUPCNR7VbOgl0ViA=.d3c0d18e-6d2f-4256-8dbe-75561af105bd@github.com>

> Migrates `test/jdk/com/sun/net/httpserver/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.

Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:

  Move `SSLContext::setDefault` to static blocks

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28800/files
  - new: https://git.openjdk.org/jdk/pull/28800/files/a6df4b57..c7ef9bd5

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28800&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28800&range=00-01

  Stats: 11 lines in 2 files changed: 8 ins; 3 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28800.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28800/head:pull/28800

PR: https://git.openjdk.org/jdk/pull/28800

From vyazici at openjdk.org  Tue Dec 16 10:11:45 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Tue, 16 Dec 2025 10:11:45 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods [v2]
In-Reply-To: <mX8NFPXM79ptakrqetAzZWqld3KnL4yN2v0AF3BdMSA=.f292d8f5-523f-4bc4-bf74-11c12e706fa2@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
 <mX8NFPXM79ptakrqetAzZWqld3KnL4yN2v0AF3BdMSA=.f292d8f5-523f-4bc4-bf74-11c12e706fa2@github.com>
Message-ID: <kcLvp9q6f-sGXz5R7gZ1fCkEBI3RY5MRTAjCzWD6rlI=.9d2bcea5-b885-40aa-9b20-451ce95a76c0@github.com>

On Tue, 16 Dec 2025 09:05:49 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Move `SSLContext::setDefault` to static blocks
>
> test/jdk/com/sun/net/httpserver/simpleserver/HttpsServerAlertTest.java line 72:
> 
>> 70:             LOGGER.addHandler(ch);
>> 71:         }
>> 72:         SSLContext.setDefault(sslContext);
> 
> You could move that to a static block after line 62 I guess.

Changed as requested in c7ef9bd5.

> test/jdk/com/sun/net/httpserver/simpleserver/HttpsServerTest.java line 80:
> 
>> 78:             LOGGER.addHandler(ch);
>> 79:         }
>> 80:         SSLContext.setDefault(sslContext);
> 
> Same here after line 70

Changed as requested in c7ef9bd5.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28800#discussion_r2622632973
PR Review Comment: https://git.openjdk.org/jdk/pull/28800#discussion_r2622633246

From duke at openjdk.org  Tue Dec 16 10:30:32 2025
From: duke at openjdk.org (EunHyunsu)
Date: Tue, 16 Dec 2025 10:30:32 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <fT7LeciPDYuFtDJaxTb24dCSgYtuydnYTYXPajr2-TA=.6b748eb1-39b5-4421-b3ae-f54228c4e857@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <wYgpM_9x8dc39fN_gBc84DuyINPd1Rso08uQyNFoJrM=.fcabb205-3e56-4316-a44a-bd79d1ca006d@github.com>
 <fT7LeciPDYuFtDJaxTb24dCSgYtuydnYTYXPajr2-TA=.6b748eb1-39b5-4421-b3ae-f54228c4e857@github.com>
Message-ID: <KV_0ODWEkUTzLDoJDRvd6e7pAIT1k6yq9Z3OiPCFSnY=.8bfd5ece-79c7-4b19-b0f4-1ac6ca9093ea@github.com>

On Mon, 15 Dec 2025 13:10:04 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> @jaikiran Thank you for the detailed review! I've addressed all your feedback:
>> 
>> 1. **Http2Connection.java**: Removed the `else` block so `close(cause)` ? `doTerminate()` handles processed streams. This ensures connection closure cause and stream termination cause are consistent.
>> 
>> 2. **GoAwayWithErrorTest.java**:
>> - Using `URIBuilder` with server's actual address instead of "localhost"
>> - Removed timeout from `goAwaySentLatch.await()`
>> - Removed entire `allOf().orTimeout().join()` block
>> - Replaced success counting with direct `assertEquals(200, response.statusCode())`
>
> Thank you @ehs208 for these updates. The changes look good to me. I'll run the latest changes in our CI to make sure this continues to pass.
> 
> On a related note, have you run tier2 locally with these changes? The GitHub actions job only run tier1 and networking tests aren't covered in that. It would be good to run tier2 on your local setup too - that way any future contributions in this area can be tested locally to verify that changes don't break unexpected existing tests.

@jaikiran I ran jdk_net tests locally. Results: 1047 passed, 1 failed.

  The failed test is `HTTPSetAuthenticatorTest` (HTTP/1.1 Authenticator test) with `SocketException: Connection reset`, which appears to be a flaky test unrelated to this PR's HTTP/2 GOAWAY changes. All HTTP/2 related tests passed successfully.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3659826810

From duke at openjdk.org  Tue Dec 16 10:30:35 2025
From: duke at openjdk.org (duke)
Date: Tue, 16 Dec 2025 10:30:35 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v8]
In-Reply-To: <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>
Message-ID: <oIbh7dBrPnnxLpRmy11zf0Ud1wVqIoGZtw63hxjKU4I=.f7c93212-f401-47a6-b73b-9433b4984b54@github.com>

On Sat, 13 Dec 2025 05:18:57 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Address code review feedback

@ehs208 
Your change (at version 566dfe235ae29ae3028c639d55b6c90886c298c5) is now ready to be sponsored by a Committer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3659830260

From jpai at openjdk.org  Tue Dec 16 10:30:35 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 16 Dec 2025 10:30:35 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <KV_0ODWEkUTzLDoJDRvd6e7pAIT1k6yq9Z3OiPCFSnY=.8bfd5ece-79c7-4b19-b0f4-1ac6ca9093ea@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <wYgpM_9x8dc39fN_gBc84DuyINPd1Rso08uQyNFoJrM=.fcabb205-3e56-4316-a44a-bd79d1ca006d@github.com>
 <fT7LeciPDYuFtDJaxTb24dCSgYtuydnYTYXPajr2-TA=.6b748eb1-39b5-4421-b3ae-f54228c4e857@github.com>
 <KV_0ODWEkUTzLDoJDRvd6e7pAIT1k6yq9Z3OiPCFSnY=.8bfd5ece-79c7-4b19-b0f4-1ac6ca9093ea@github.com>
Message-ID: <rHzyoFUcOEzP0BCXl_yW8Qtk5Dsr-DPt6s7SvNF9-v0=.ccdffa48-cda2-4ed6-8664-1d8bd498da58@github.com>

On Tue, 16 Dec 2025 10:25:04 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> Thank you @ehs208 for these updates. The changes look good to me. I'll run the latest changes in our CI to make sure this continues to pass.
>> 
>> On a related note, have you run tier2 locally with these changes? The GitHub actions job only run tier1 and networking tests aren't covered in that. It would be good to run tier2 on your local setup too - that way any future contributions in this area can be tested locally to verify that changes don't break unexpected existing tests.
>
> @jaikiran I ran jdk_net tests locally. Results: 1047 passed, 1 failed.
> 
>   The failed test is `HTTPSetAuthenticatorTest` (HTTP/1.1 Authenticator test) with `SocketException: Connection reset`, which appears to be a flaky test unrelated to this PR's HTTP/2 GOAWAY changes. All HTTP/2 related tests passed successfully.

Hello @ehs208, I'm investigating a intermittent test failure of the newly added test in our CI. I think the test will need a few adjustments. I haven't had a chance to go over the failure in its entirety. I will add some details here when I am done looking at that failure.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3659837419

From dfuchs at openjdk.org  Tue Dec 16 10:35:28 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 16 Dec 2025 10:35:28 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods [v2]
In-Reply-To: <GZ3zl_QB9oznu-2IAHwQBP5kJCMxUPCNR7VbOgl0ViA=.d3c0d18e-6d2f-4256-8dbe-75561af105bd@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
 <GZ3zl_QB9oznu-2IAHwQBP5kJCMxUPCNR7VbOgl0ViA=.d3c0d18e-6d2f-4256-8dbe-75561af105bd@github.com>
Message-ID: <oZNJ4xCWG4K-qzeCwy7g-TmKqGxVBJu7lk0I7p2UT4Q=.90a14804-6458-41ad-808c-c3beb9a29296@github.com>

On Tue, 16 Dec 2025 10:11:40 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Migrates `test/jdk/com/sun/net/httpserver/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.
>
> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Move `SSLContext::setDefault` to static blocks

LGTM. Obviously don't integrate before [JDK-8372661](https://bugs.openjdk.org/browse/JDK-8372661).

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28800#pullrequestreview-3582405543

From mbaesken at openjdk.org  Tue Dec 16 13:25:35 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Tue, 16 Dec 2025 13:25:35 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6 [v2]
In-Reply-To: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
Message-ID: <Nhw2TqPYQrJcWOUUuBqKSSltkOacbRcH9CBd_tsvfGI=.943c8cfc-0348-45ed-92ce-610054a9b2df@github.com>

> We have a Linux machine with IPV6 disabled.
> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
> Error is
> 
> java.lang.RuntimeException: Server failed to start.
> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
> at java.base/java.lang.Thread.run(Thread.java:1516)
> Caused by: java.net.SocketException: Protocol family unavailable
> 
> 
> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .

Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:

  remove net_util_md.c changes, we'll do this in a separate issue

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28825/files
  - new: https://git.openjdk.org/jdk/pull/28825/files/d288299f..c8c73e4b

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28825&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28825&range=00-01

  Stats: 8 lines in 1 file changed: 0 ins; 6 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28825.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28825/head:pull/28825

PR: https://git.openjdk.org/jdk/pull/28825

From mbaesken at openjdk.org  Tue Dec 16 13:25:36 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Tue, 16 Dec 2025 13:25:36 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
Message-ID: <ryX-IYb7i0Y7jE2R-LtZjhbe3dic_DG3spPZI6GUVkw=.cc2f153a-e3b2-435f-87ca-eb037691ab63@github.com>

On Mon, 15 Dec 2025 13:15:32 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

> We have a Linux machine with IPV6 disabled.
> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
> Error is
> 
> java.lang.RuntimeException: Server failed to start.
> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
> at java.base/java.lang.Thread.run(Thread.java:1516)
> Caused by: java.net.SocketException: Protocol family unavailable
> 
> 
> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .

I removed the net_util_md.c exception message changes.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28825#issuecomment-3660492865

From dfuchs at openjdk.org  Tue Dec 16 13:33:04 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 16 Dec 2025 13:33:04 GMT
Subject: RFR: 8373796: Refactor java/net/httpclient/ThrowingPublishers*.java
 tests to use JUnit5
Message-ID: <1KCdqnOboHD5YuKQRlGwhYsg6pI1oLFZJRLgj8Pyn6U=.5c0729ad-a8fe-4809-8d8b-f93612d6062f@github.com>

These test used to use the testng `IContextTest` API to stop tests after the first failure.
@sormuras suggested an even more elegant way to do that with JUnit.
Usage of IContextTest has been replaced with a `TestWatcher` that records the first failure and uses `Assumptions` to prevent further test execution. 

The rest of the changes were (almost) mechanical.

-------------

Commit messages:
 - 8373796: Refactor java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5

Changes: https://git.openjdk.org/jdk/pull/28846/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28846&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373796
  Stats: 192 lines in 9 files changed: 55 ins; 60 del; 77 mod
  Patch: https://git.openjdk.org/jdk/pull/28846.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28846/head:pull/28846

PR: https://git.openjdk.org/jdk/pull/28846

From michaelm at openjdk.org  Tue Dec 16 14:07:43 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Tue, 16 Dec 2025 14:07:43 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew [v3]
In-Reply-To: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
Message-ID: <ft4EQQIALSQQcx7mgZSbPaw-1tEclHg3rMZAcnpYEKo=.ff752e11-0eee-4ac9-8ec4-fdf095790cda@github.com>

> Hi,
> 
> This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
> Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.
> 
> The only possible places in these files where EINTR can be returned is in the sendto() calls
> for ping4() and ping6() used by the InetAddress.isReachable() API.
> 
> The change checks for EINTR returned from those calls and restarts the sendto()
> if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
> SocketException, but this should not happen.
> 
> The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
> I added a unit test for the new native function that checks if the timeout has expired.
> 
> Thanks,
> Michael

Michael McMahon has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision:

 - impl update
 - Merge branch 'master' into EINTR-8370655
 - impl update
 - update
 - header file update
 - impl update
 - removed test updated impl
 - Merge branch 'master' into EINTR-8370655
 - copyright
 - impl update
 - ... and 5 more: https://git.openjdk.org/jdk/compare/50602667...f170dea7

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28750/files
  - new: https://git.openjdk.org/jdk/pull/28750/files/899a4d5c..f170dea7

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28750&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28750&range=01-02

  Stats: 7676 lines in 277 files changed: 4876 ins; 978 del; 1822 mod
  Patch: https://git.openjdk.org/jdk/pull/28750.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28750/head:pull/28750

PR: https://git.openjdk.org/jdk/pull/28750

From michaelm at openjdk.org  Tue Dec 16 14:11:11 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Tue, 16 Dec 2025 14:11:11 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew [v2]
In-Reply-To: <P_c4XIlCuSvOJkpFmz6USPoui5qY9DCx4W5uc0Oc8cs=.4628df4d-1bdf-4214-a87d-6c9ceed73b1f@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
 <wnWw7dxIM3_BROXbB_GcX1hP4q9N2iKWxrXjFB10qlY=.ad8b5f83-8a2b-43f8-9749-1a0e80f67d0e@github.com>
 <H6HdrUgQexFS8Tu9krmE5KuaPPWXa02tT1AsbXWl5zo=.b30105b1-1370-462e-9f01-085623aa0394@github.com>
 <P_c4XIlCuSvOJkpFmz6USPoui5qY9DCx4W5uc0Oc8cs=.4628df4d-1bdf-4214-a87d-6c9ceed73b1f@github.com>
Message-ID: <v5dMzH27MY2sPX2TrX8jG2kvOzzb9QbW958M01nZO-I=.139fd596-2bd0-4a25-8b8b-dff51ad91b83@github.com>

On Fri, 12 Dec 2025 09:15:21 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

> > Have you verified that a pthread_kill of a thread blocked in getaddrinfo returns EAI_SYSTEM with errno=EINTR? I can't be sure from the man page.
> 
> I will try to verify that.

Test was inconclusive. Interrupting getaddrinfo() with a non restarting signal executes the signal handler and automatically restarts the blocking call (probably recv() ) so EINTR is not being returned.
It's likely that the glibc implementation of getaddrinfo() is just restarting the call itself. I think it still makes sense to test for EINTR regardless.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28750#discussion_r2623424783

From jpai at openjdk.org  Tue Dec 16 14:20:30 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 16 Dec 2025 14:20:30 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6 [v2]
In-Reply-To: <Nhw2TqPYQrJcWOUUuBqKSSltkOacbRcH9CBd_tsvfGI=.943c8cfc-0348-45ed-92ce-610054a9b2df@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <Nhw2TqPYQrJcWOUUuBqKSSltkOacbRcH9CBd_tsvfGI=.943c8cfc-0348-45ed-92ce-610054a9b2df@github.com>
Message-ID: <T9sg1spmFB0SZlsYmV-shhGlmLcTVTv5v6AHk1pq8m8=.2124176b-a148-4315-8479-ee5ad368cc0f@github.com>

On Tue, 16 Dec 2025 13:25:35 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> We have a Linux machine with IPV6 disabled.
>> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
>> Error is
>> 
>> java.lang.RuntimeException: Server failed to start.
>> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
>> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
>> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
>> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
>> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
>> at java.base/java.lang.Thread.run(Thread.java:1516)
>> Caused by: java.net.SocketException: Protocol family unavailable
>> 
>> 
>> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
>> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .
>
> Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:
> 
>   remove net_util_md.c changes, we'll do this in a separate issue

The change looks OK to me.

It's a bit odd that this `sun.net.util.IPAddressUtil.isIPv6LiteralAddress("[::1]")` returns false where as `InetAddress.ofLiteral("[::1]")` returns a valid `InetAddress`. But `IPAddressUtil` is an internal implementation util, so that's what the expectation maybe of that implementation. The change to this test looks OK to me.

-------------

Marked as reviewed by jpai (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28825#pullrequestreview-3583331880

From michaelm at openjdk.org  Tue Dec 16 14:22:59 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Tue, 16 Dec 2025 14:22:59 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew [v4]
In-Reply-To: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
Message-ID: <z7wtchn-yjUEI94aksK6uTmXLCc-4UzjzbcMcg3og3w=.e6c8e66b-8afd-4dd7-9ab0-7d9d818f2e75@github.com>

> Hi,
> 
> This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
> Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.
> 
> The only possible places in these files where EINTR can be returned is in the sendto() calls
> for ping4() and ping6() used by the InetAddress.isReachable() API.
> 
> The change checks for EINTR returned from those calls and restarts the sendto()
> if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
> SocketException, but this should not happen.
> 
> The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
> I added a unit test for the new native function that checks if the timeout has expired.
> 
> Thanks,
> Michael

Michael McMahon has updated the pull request incrementally with one additional commit since the last revision:

  whitespace fix

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28750/files
  - new: https://git.openjdk.org/jdk/pull/28750/files/f170dea7..363b86e1

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28750&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28750&range=02-03

  Stats: 1 line in 1 file changed: 0 ins; 1 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28750.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28750/head:pull/28750

PR: https://git.openjdk.org/jdk/pull/28750

From alanb at openjdk.org  Tue Dec 16 14:22:59 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Tue, 16 Dec 2025 14:22:59 GMT
Subject: RFR: 8370655: Check EINTR handling InetAddress implementation and
 NET_ThrowNew [v4]
In-Reply-To: <z7wtchn-yjUEI94aksK6uTmXLCc-4UzjzbcMcg3og3w=.e6c8e66b-8afd-4dd7-9ab0-7d9d818f2e75@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
 <z7wtchn-yjUEI94aksK6uTmXLCc-4UzjzbcMcg3og3w=.e6c8e66b-8afd-4dd7-9ab0-7d9d818f2e75@github.com>
Message-ID: <PMX8xfy9hkyeYJpdX_rwBxC6e-TTCLYodl2gDL7jSaw=.492c8762-e4fd-48f4-abcb-f724243bee02@github.com>

On Tue, 16 Dec 2025 14:20:33 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

>> Hi,
>> 
>> This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
>> Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.
>> 
>> The only possible places in these files where EINTR can be returned is in the sendto() calls
>> for ping4() and ping6() used by the InetAddress.isReachable() API.
>> 
>> The change checks for EINTR returned from those calls and restarts the sendto()
>> if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
>> SocketException, but this should not happen.
>> 
>> The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
>> I added a unit test for the new native function that checks if the timeout has expired.
>> 
>> Thanks,
>> Michael
>
> Michael McMahon has updated the pull request incrementally with one additional commit since the last revision:
> 
>   whitespace fix

Latest version is much more readability at use-sites, so I think okay.

-------------

Marked as reviewed by alanb (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28750#pullrequestreview-3583333019

From dfuchs at openjdk.org  Tue Dec 16 15:05:49 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 16 Dec 2025 15:05:49 GMT
Subject: RFR: 8373796: Refactor
 java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5 [v2]
In-Reply-To: <1KCdqnOboHD5YuKQRlGwhYsg6pI1oLFZJRLgj8Pyn6U=.5c0729ad-a8fe-4809-8d8b-f93612d6062f@github.com>
References: <1KCdqnOboHD5YuKQRlGwhYsg6pI1oLFZJRLgj8Pyn6U=.5c0729ad-a8fe-4809-8d8b-f93612d6062f@github.com>
Message-ID: <eJZC-LWSvGW8TbsHs9XKHZM-FTJT0h06i7nneJkp8pg=.ff37465d-2584-4f3e-9f57-d168921e6e57@github.com>

> These test used to use the testng `IContextTest` API to stop tests after the first failure.
> @sormuras suggested an even more elegant way to do that with JUnit.
> Usage of IContextTest has been replaced with a `TestWatcher` that records the first failure and uses `Assumptions` to prevent further test execution. 
> 
> The rest of the changes were (almost) mechanical.

Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:

  Minor cleanup

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28846/files
  - new: https://git.openjdk.org/jdk/pull/28846/files/f4e8ed7a..2c17b02c

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28846&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28846&range=00-01

  Stats: 17 lines in 1 file changed: 4 ins; 9 del; 4 mod
  Patch: https://git.openjdk.org/jdk/pull/28846.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28846/head:pull/28846

PR: https://git.openjdk.org/jdk/pull/28846

From dfuchs at openjdk.org  Tue Dec 16 15:15:25 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 16 Dec 2025 15:15:25 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6 [v2]
In-Reply-To: <T9sg1spmFB0SZlsYmV-shhGlmLcTVTv5v6AHk1pq8m8=.2124176b-a148-4315-8479-ee5ad368cc0f@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <Nhw2TqPYQrJcWOUUuBqKSSltkOacbRcH9CBd_tsvfGI=.943c8cfc-0348-45ed-92ce-610054a9b2df@github.com>
 <T9sg1spmFB0SZlsYmV-shhGlmLcTVTv5v6AHk1pq8m8=.2124176b-a148-4315-8479-ee5ad368cc0f@github.com>
Message-ID: <AfC4yF4QSLe55-15db5zbQQMqGMECo8oZeSKLieLNUY=.68c1309d-641f-4f6e-97c9-301c722edb4f@github.com>

On Tue, 16 Dec 2025 14:18:00 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

> It's a bit odd that this `sun.net.util.IPAddressUtil.isIPv6LiteralAddress("[::1]")` returns false where as `InetAddress.ofLiteral("[::1]")` returns a valid `InetAddress`. But `IPAddressUtil` is an internal implementation util, so that's what the expectation maybe of that implementation. The change to this test looks OK to me.

FWIW `InetAddress.ofLiteral` accepts the enclosing "[]" because that's what `InetAddress.getByName` does.
And as you noted `sun.net.util.IPAddressUtil.isIPv6LiteralAddress` is an internal API - it parses the literal according to the IPv6 literal syntax (which doesn't include the "[]")

    jshell> InetAddress.getByName("[::1]")
    $1 ==> /0:0:0:0:0:0:0:1

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28825#issuecomment-3661050387

From mbaesken at openjdk.org  Tue Dec 16 15:26:36 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Tue, 16 Dec 2025 15:26:36 GMT
Subject: RFR: 8373704: Improve "SocketException: Protocol family unavailable"
 message
Message-ID: <ZPS8yD-n8Y9YhT5OEfxW636qLx5LRIILMxrb-2Yz5fc=.4121acc4-895a-410f-bd42-8ee4e58699f8@github.com>

In [JDK-8373676](https://bugs.openjdk.org/browse/JDK-8373676)
we noticed a "SocketException: Protocol family unavailable" because of missing ipv6 support. We could improve this exception and tell that the ipv6 support is not available or something related.

-------------

Commit messages:
 - JDK-8373704

Changes: https://git.openjdk.org/jdk/pull/28851/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28851&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373704
  Stats: 2 lines in 2 files changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28851.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28851/head:pull/28851

PR: https://git.openjdk.org/jdk/pull/28851

From djelinski at openjdk.org  Tue Dec 16 17:02:17 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 16 Dec 2025 17:02:17 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock [v2]
In-Reply-To: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
Message-ID: <XdnL__E-BT-8bj4H5gfXd28-QZOaqRK_lz9PUNGITpc=.c7f19adf-0b38-40c5-b5a2-e14def381b4b@github.com>

> This PR fixes a deadlock between the `localConnectionIdManager` and the `connections` map by closing the manager before calling `connections.compute`.
> 
> No new tests; the issue requires a complex setup to reproduce, and the new code is easy enough to reason about. Existing tests continue to pass.

Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:

  Reorder startTimer after map updates

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28788/files
  - new: https://git.openjdk.org/jdk/pull/28788/files/d379634d..84f5e430

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28788&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28788&range=00-01

  Stats: 4 lines in 1 file changed: 2 ins; 2 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28788.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28788/head:pull/28788

PR: https://git.openjdk.org/jdk/pull/28788

From djelinski at openjdk.org  Tue Dec 16 17:02:18 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 16 Dec 2025 17:02:18 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock [v2]
In-Reply-To: <T89vgiM1g_zvhHaZxqCr74h0lIpnQU8zHOL2WFqXJeo=.39e6213b-d664-4be5-bb7a-bcccecf496d7@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
 <Ga8M2U1Lq6kHT7yjjmpcnU1cQedvflyWp0AJByHU2jo=.60f47eab-97f9-40a6-96d6-efce0f84fdbf@github.com>
 <Tv59xcIRRvsZCCs4A-qhlMc6uPVek7rfZd1A11i2hV0=.ce1e2bee-e767-4d64-8b18-0b78dafbfd3e@github.com>
 <T89vgiM1g_zvhHaZxqCr74h0lIpnQU8zHOL2WFqXJeo=.39e6213b-d664-4be5-bb7a-bcccecf496d7@github.com>
Message-ID: <wyqsjGqRbcgeJixaBvpumaR4S6cWR9BBrCmyWM6XeUs=.d2578968-bcbc-45c4-bc1c-35985c0dd937@github.com>

On Mon, 15 Dec 2025 10:52:40 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> I'd rather not call this from compute; every method called from the compute lambda increases the risk of reintroducing the deadlock, so I'd like to keep the lambda to a minimum.
>> 
>> Most of the time the connection will be added; the only case where it won't is when there are multiple threads attempting to close the connection in parallel. The timer task only removes the connection from the endpoint, so, worst case, we will remove the connection IDs and the reset tokens twice. The second removal will likely be a no-op, unless we somehow manage to reassign the IDs or the tokens to a different connection.
>
> A look at `startTimer` lets me think that it should be safe, but OK. I suspect the double removal would not be an issue - IIRC we check with == on the removed connection, but we would be potentially adding an event to the timer queue which will wake up the timer queue for nothing. We could add a boolean field to ClosingConnection that we could set to `true` if the connection is added and check that after compute has been called, and start the timer then. I'll let you decide if it's worth it.

We don't check with ==; technically we could, but with multiple threads accessing the map, I'm not sure if we would guarantee that all connection IDs are unmapped when the connection is removed.

Multiple threads racing to update the connection map should be rare. Most of the time the compute calls will replace the connection. so the extra check is probably not worth the effort.

I'll move the startTimer call after the connection map updates; I observed occasional failures to update the map, because the timer fired before the map was updated.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28788#discussion_r2624049196

From djelinski at openjdk.org  Tue Dec 16 17:20:45 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Tue, 16 Dec 2025 17:20:45 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v2]
In-Reply-To: <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>
Message-ID: <UhbfmrmtisUQhCRhwXp6gfi9VBTZBNBLfV9CGzVBm70=.8781478c-98de-4382-8059-02f85bac0102@github.com>

On Mon, 15 Dec 2025 17:52:56 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> The first byte of a SSL ClientHello handshake record is 0x16 (22).
>> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>> 
>> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
>
> Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   minor test fix - unused import + obsolete comment

src/jdk.httpserver/share/classes/sun/net/httpserver/ServerImpl.java line 740:

> 738:                 Request req;
> 739:                 try {
> 740:                     req = new Request(rawin, rawout, newconnection && !https);

I'd skip the `!https` check here.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2624113873

From dfuchs at openjdk.org  Tue Dec 16 22:03:36 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 16 Dec 2025 22:03:36 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6 [v2]
In-Reply-To: <Nhw2TqPYQrJcWOUUuBqKSSltkOacbRcH9CBd_tsvfGI=.943c8cfc-0348-45ed-92ce-610054a9b2df@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <Nhw2TqPYQrJcWOUUuBqKSSltkOacbRcH9CBd_tsvfGI=.943c8cfc-0348-45ed-92ce-610054a9b2df@github.com>
Message-ID: <f8fmOih87ZxHg_cVPM4zkqBut2CEAlTMivpZl3XTfNk=.567980f9-e1f3-4b82-969a-b362e52edb34@github.com>

On Tue, 16 Dec 2025 13:25:35 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> We have a Linux machine with IPV6 disabled.
>> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
>> Error is
>> 
>> java.lang.RuntimeException: Server failed to start.
>> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
>> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
>> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
>> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
>> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
>> at java.base/java.lang.Thread.run(Thread.java:1516)
>> Caused by: java.net.SocketException: Protocol family unavailable
>> 
>> 
>> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
>> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .
>
> Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:
> 
>   remove net_util_md.c changes, we'll do this in a separate issue

LGTM

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28825#pullrequestreview-3585142671

From dfuchs at openjdk.org  Tue Dec 16 22:08:34 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 16 Dec 2025 22:08:34 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock [v2]
In-Reply-To: <XdnL__E-BT-8bj4H5gfXd28-QZOaqRK_lz9PUNGITpc=.c7f19adf-0b38-40c5-b5a2-e14def381b4b@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
 <XdnL__E-BT-8bj4H5gfXd28-QZOaqRK_lz9PUNGITpc=.c7f19adf-0b38-40c5-b5a2-e14def381b4b@github.com>
Message-ID: <1v94KB83zRnjT0dbzCYrXPzsba7V_zC2bslJxiHCOBY=.b536988b-a5ae-4c20-a351-d907222fd85d@github.com>

On Tue, 16 Dec 2025 17:02:17 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> This PR fixes a deadlock between the `localConnectionIdManager` and the `connections` map by closing the manager before calling `connections.compute`.
>> 
>> No new tests; the issue requires a complex setup to reproduce, and the new code is easy enough to reason about. Existing tests continue to pass.
>
> Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Reorder startTimer after map updates

LGTM

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28788#pullrequestreview-3585158484

From dfuchs at openjdk.org  Tue Dec 16 22:13:44 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Tue, 16 Dec 2025 22:13:44 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v2]
In-Reply-To: <UhbfmrmtisUQhCRhwXp6gfi9VBTZBNBLfV9CGzVBm70=.8781478c-98de-4382-8059-02f85bac0102@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>
 <UhbfmrmtisUQhCRhwXp6gfi9VBTZBNBLfV9CGzVBm70=.8781478c-98de-4382-8059-02f85bac0102@github.com>
Message-ID: <eQdDomNHsLyZpxR7G1J0XGrPrFlRNyMTxX-JytY9NeU=.929dd8b1-5b23-494b-baa9-b5c780dca342@github.com>

On Tue, 16 Dec 2025 17:18:18 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   minor test fix - unused import + obsolete comment
>
> src/jdk.httpserver/share/classes/sun/net/httpserver/ServerImpl.java line 740:
> 
>> 738:                 Request req;
>> 739:                 try {
>> 740:                     req = new Request(rawin, rawout, newconnection && !https);
> 
> I'd skip the `!https` check here.

We only need the check for clear connections. Why would you keep it with https?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2624915078

From duke at openjdk.org  Wed Dec 17 04:21:41 2025
From: duke at openjdk.org (Josiah Noel)
Date: Wed, 17 Dec 2025 04:21:41 GMT
Subject: RFR: 8368695: Support 101 switching protocol in jdk.httpserver
 [v2]
In-Reply-To: <2XnDIC5P7NMXCNo4s84B6DZrKTwEQidxHJtKn9-ayHQ=.519512fd-7d54-428a-bc9b-2a64a153b037@github.com>
References: <2XnDIC5P7NMXCNo4s84B6DZrKTwEQidxHJtKn9-ayHQ=.519512fd-7d54-428a-bc9b-2a64a153b037@github.com>
Message-ID: <rVoOH1wsV8tIQcuKpx_0O0jR-2g_DYGKKS-x7VJC9oc=.96c8610e-910c-4499-97f9-a545aec23a72@github.com>

> Remaking the PR since I messed up the upstream merge on the other one.
> 
> - adds a flag to ExchangeImpl to signal whether the current request is a GET Upgrade request
> - Adds a new `UpgradeInputStream`/`UpgradeOutputStream` to ensure that the server keeps track of when the upgraded request is closed
> - on 101 response codes, `sendResponseHeaders` will not immediately close the output stream 
> - on 101 response codes, `sendResponseHeaders` will use an `UpgradeInputStream`

Josiah Noel has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 18 commits:

 - Merge branch 'master' into JDK-8368695
 - Merge branch 'master' into JDK-8368695
 - reduce diff
 - Merge remote-tracking branch 'upstream/master' into JDK-8368695
 - Update SwitchingProtocolTest.java
 - Update SwitchingProtocolTest.java
 - Update SwitchingProtocolTest.java
 - add exception test
 - Create UpgradeOutputStream.java
 - close raw streams
 - ... and 8 more: https://git.openjdk.org/jdk/compare/e635330a...8963e2eb

-------------

Changes: https://git.openjdk.org/jdk/pull/27989/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27989&range=01
  Stats: 457 lines in 4 files changed: 449 ins; 2 del; 6 mod
  Patch: https://git.openjdk.org/jdk/pull/27989.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/27989/head:pull/27989

PR: https://git.openjdk.org/jdk/pull/27989

From djelinski at openjdk.org  Wed Dec 17 07:53:06 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 17 Dec 2025 07:53:06 GMT
Subject: Integrated: 8373409:
 java/net/httpclient/http3/H3ErrorHandlingTest.java failed due to deadlock
In-Reply-To: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
Message-ID: <cDQVnQCKeQ7Dxty8oqN5zyXl24_yw5semfRE4iSk4e4=.652b87cb-32cd-47d5-a51e-5b4a91a6d3b5@github.com>

On Fri, 12 Dec 2025 12:31:07 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> This PR fixes a deadlock between the `localConnectionIdManager` and the `connections` map by closing the manager before calling `connections.compute`.
> 
> No new tests; the issue requires a complex setup to reproduce, and the new code is easy enough to reason about. Existing tests continue to pass.

This pull request has now been integrated.

Changeset: 386ad614
Author:    Daniel Jeli?ski <djelinski at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/386ad61458a3901622b92ca56982d728c11b846a
Stats:     57 lines in 2 files changed: 21 ins; 26 del; 10 mod

8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java failed due to deadlock

Reviewed-by: dfuchs

-------------

PR: https://git.openjdk.org/jdk/pull/28788

From djelinski at openjdk.org  Wed Dec 17 07:53:05 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 17 Dec 2025 07:53:05 GMT
Subject: RFR: 8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java
 failed due to deadlock
In-Reply-To: <fb7uBfChNeHF35I6rPN38boqMnKuQrwnWYBuvHdp0Ww=.23008312-aa62-4798-ab60-fb370843d65f@github.com>
References: <ocCk7FQ_fpo5UljRwZOnnWy18xsL8aEx10OSLdqyOmw=.3bc68649-d527-4602-a316-4065bfc6fedf@github.com>
 <v326L2lJlSdNtplzN0URu2B7h9ezPcCE6dtOsXpB38Y=.7980d20e-8b2c-43e3-bd13-c73679687223@github.com>
 <fb7uBfChNeHF35I6rPN38boqMnKuQrwnWYBuvHdp0Ww=.23008312-aa62-4798-ab60-fb370843d65f@github.com>
Message-ID: <YVhTyTTVvNhBbbFvSkGnyubSUCDYj2ciGS3dyXXFa0g=.aadbd438-991b-4858-bdb0-5ca88a9d29ab@github.com>

On Mon, 15 Dec 2025 09:34:44 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> I checked all other uses of `CHM.compute` in the `java.net.http` module; most of them are trivially correct. The ones in `AltServiceRegistry` are not trivial, and might need to be replaced with something easier to reason about. I'll look into that.
>> 
>> EDIT - checked the `AltServiceRegistry`; `compute` is only used on a (non-concurrent) HashMap while holding a lock, and the lambdas only use functions internal to the registry. This should be fine as well.
>
>> I checked all other uses of `CHM.compute` in the `java.net.http` module; most of them are trivially correct. The ones in `AltServiceRegistry` are not trivial, and might need to be replaced with something easier to reason about. I'll look into that.
>> 
>> EDIT - checked the `AltServiceRegistry`; `compute` is only used on a (non-concurrent) HashMap while holding a lock, and the lambdas only use functions internal to the registry. This should be fine as well.
> 
> Thanks for checking the other uses of `CHM.compute` @djelinski !

Thanks @dfuch for the review!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28788#issuecomment-3664091377

From djelinski at openjdk.org  Wed Dec 17 08:27:28 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 17 Dec 2025 08:27:28 GMT
Subject: [jdk26] RFR: 8373409:
 java/net/httpclient/http3/H3ErrorHandlingTest.java failed due to deadlock
Message-ID: <d4CVkaVQSX2riz5ne1rNkAjyoo8CvjV48rBwcd0kY34=.82087930-f80e-4b3e-a0e0-62496874652b@github.com>

Hi all,

This pull request contains a backport of commit [386ad614](https://github.com/openjdk/jdk/commit/386ad61458a3901622b92ca56982d728c11b846a) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository.

The commit being backported was authored by Daniel Jeli?ski on 17 Dec 2025 and was reviewed by Daniel Fuchs.

Thanks!

-------------

Commit messages:
 - Backport 386ad61458a3901622b92ca56982d728c11b846a

Changes: https://git.openjdk.org/jdk/pull/28862/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28862&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373409
  Stats: 57 lines in 2 files changed: 21 ins; 26 del; 10 mod
  Patch: https://git.openjdk.org/jdk/pull/28862.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28862/head:pull/28862

PR: https://git.openjdk.org/jdk/pull/28862

From mbaesken at openjdk.org  Wed Dec 17 08:45:11 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Wed, 17 Dec 2025 08:45:11 GMT
Subject: RFR: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6 [v2]
In-Reply-To: <Nhw2TqPYQrJcWOUUuBqKSSltkOacbRcH9CBd_tsvfGI=.943c8cfc-0348-45ed-92ce-610054a9b2df@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
 <Nhw2TqPYQrJcWOUUuBqKSSltkOacbRcH9CBd_tsvfGI=.943c8cfc-0348-45ed-92ce-610054a9b2df@github.com>
Message-ID: <rrabFwY4r7gENHTR88WCkOFGXDghXdXKALSkoYFlvA8=.c4b44b01-6870-426e-842c-b7f8dd31a16d@github.com>

On Tue, 16 Dec 2025 13:25:35 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> We have a Linux machine with IPV6 disabled.
>> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
>> Error is
>> 
>> java.lang.RuntimeException: Server failed to start.
>> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
>> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
>> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
>> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
>> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
>> at java.base/java.lang.Thread.run(Thread.java:1516)
>> Caused by: java.net.SocketException: Protocol family unavailable
>> 
>> 
>> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
>> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .
>
> Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:
> 
>   remove net_util_md.c changes, we'll do this in a separate issue

Thanks for the reviews !  Maybe someone wants to look also at https://bugs.openjdk.org/browse/JDK-8373704  /  https://github.com/openjdk/jdk/pull/28851    ?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28825#issuecomment-3664265849

From mbaesken at openjdk.org  Wed Dec 17 08:47:36 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Wed, 17 Dec 2025 08:47:36 GMT
Subject: Integrated: 8373676: Test
 javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine
 without IPV6
In-Reply-To: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
References: <Vi8K_-1GIxmnZ0IZ-CzliKhZBSdzhI07Ms3X9-32haY=.2c6435aa-8aac-4ee7-800f-0304ee4fef3b@github.com>
Message-ID: <cGvEli00rWuEppeezOfV2m_PrjTMbxWRyvcPA86DdEs=.b1cb1310-41b4-49ba-8e22-6acb43e34642@github.com>

On Mon, 15 Dec 2025 13:15:32 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

> We have a Linux machine with IPV6 disabled.
> There the test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails.
> Error is
> 
> java.lang.RuntimeException: Server failed to start.
> at SubjectAltNameIP.doClientSide(SubjectAltNameIP.java:139)
> at SubjectAltNameIP.<init>(SubjectAltNameIP.java:189)
> at SubjectAltNameIP.main(SubjectAltNameIP.java:176)
> at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> at java.base/java.lang.reflect.Method.invoke(Method.java:565)
> at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
> at java.base/java.lang.Thread.run(Thread.java:1516)
> Caused by: java.net.SocketException: Protocol family unavailable
> 
> 
> After looking into the test, it turned out the IPV6 address `::1`  was passed in the notion `[::1] `to the isIPv6LiteralAddress, but this method must get the address without '[' and ']' .
> Additionally I adjusted the exception a bit so that it directly mentions IPV6 and not just some 'protol family' .

This pull request has now been integrated.

Changeset: 9e2008bf
Author:    Matthias Baesken <mbaesken at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/9e2008bf5e9a63b640eefc6cc7ec5c4f344c4266
Stats:     8 lines in 1 file changed: 5 ins; 0 del; 3 mod

8373676: Test javax/net/ssl/HttpsURLConnection/SubjectAltNameIP.java fails on a machine without IPV6

Reviewed-by: jpai, dfuchs

-------------

PR: https://git.openjdk.org/jdk/pull/28825

From dfuchs at openjdk.org  Wed Dec 17 08:54:45 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 08:54:45 GMT
Subject: [jdk26] RFR: 8373409:
 java/net/httpclient/http3/H3ErrorHandlingTest.java failed due to deadlock
In-Reply-To: <d4CVkaVQSX2riz5ne1rNkAjyoo8CvjV48rBwcd0kY34=.82087930-f80e-4b3e-a0e0-62496874652b@github.com>
References: <d4CVkaVQSX2riz5ne1rNkAjyoo8CvjV48rBwcd0kY34=.82087930-f80e-4b3e-a0e0-62496874652b@github.com>
Message-ID: <qfMHf8SxYsaATtgYY7ph_kpa5qJWpOfvo-NkrD_oAeQ=.9eb96760-cf8a-4cfb-b670-623fe29232de@github.com>

On Wed, 17 Dec 2025 08:20:04 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> Hi all,
> 
> This pull request contains a backport of commit [386ad614](https://github.com/openjdk/jdk/commit/386ad61458a3901622b92ca56982d728c11b846a) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository.
> 
> The commit being backported was authored by Daniel Jeli?ski on 17 Dec 2025 and was reviewed by Daniel Fuchs.
> 
> Thanks!

Looks identical to the commit pushed to 27.

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28862#pullrequestreview-3586645845

From michaelm at openjdk.org  Wed Dec 17 08:58:24 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Wed, 17 Dec 2025 08:58:24 GMT
Subject: Integrated: 8370655: Check EINTR handling InetAddress implementation
 and NET_ThrowNew
In-Reply-To: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
References: <oNDljYLleCVMyw8--8Zzv8QWpaK6P4B8IFW4k654rgA=.d19e4369-06a8-4533-9934-817b5509f27d@github.com>
Message-ID: <IgMg6rq40oenkrPEnft2vkWSwU1iyelj6wzfTiE4txY=.8a116aef-b52e-4d77-8a97-fd65af401fc4@github.com>

On Wed, 10 Dec 2025 15:29:51 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

> Hi,
> 
> This change updates the use of NET_ThrowNew in Inet4AddressImpl.c + Inet6AddressImpl.c (unix).
> Currently EINTR is incorrectly handled in NET_ThrowNew to throw InterruptedIOException.
> 
> The only possible places in these files where EINTR can be returned is in the sendto() calls
> for ping4() and ping6() used by the InetAddress.isReachable() API.
> 
> The change checks for EINTR returned from those calls and restarts the sendto()
> if the timeout allows it. If EINTR is detected by NET_ThrowNew it is thrown as an ordinary
> SocketException, but this should not happen.
> 
> The fix is only partially tested as it is difficult to make sendto() return EINTR in practice, but
> I added a unit test for the new native function that checks if the timeout has expired.
> 
> Thanks,
> Michael

This pull request has now been integrated.

Changeset: 4924b29f
Author:    Michael McMahon <michaelm at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/4924b29fa519996b806ac0f4a7c898085f44bc4c
Stats:     66 lines in 5 files changed: 33 ins; 4 del; 29 mod

8370655: Check EINTR handling InetAddress implementation and NET_ThrowNew

Reviewed-by: alanb

-------------

PR: https://git.openjdk.org/jdk/pull/28750

From djelinski at openjdk.org  Wed Dec 17 10:04:16 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 17 Dec 2025 10:04:16 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v2]
In-Reply-To: <eQdDomNHsLyZpxR7G1J0XGrPrFlRNyMTxX-JytY9NeU=.929dd8b1-5b23-494b-baa9-b5c780dca342@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>
 <UhbfmrmtisUQhCRhwXp6gfi9VBTZBNBLfV9CGzVBm70=.8781478c-98de-4382-8059-02f85bac0102@github.com>
 <eQdDomNHsLyZpxR7G1J0XGrPrFlRNyMTxX-JytY9NeU=.929dd8b1-5b23-494b-baa9-b5c780dca342@github.com>
Message-ID: <0fYDG-5iGP1-HIJl7vzOJa7-NPyFGV7tG9DGM16dkdY=.f99d0f64-3f13-452e-a14b-71add32a702a@github.com>

On Tue, 16 Dec 2025 22:09:33 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> src/jdk.httpserver/share/classes/sun/net/httpserver/ServerImpl.java line 740:
>> 
>>> 738:                 Request req;
>>> 739:                 try {
>>> 740:                     req = new Request(rawin, rawout, newconnection && !https);
>> 
>> I'd skip the `!https` check here.
>
> We only need the check for clear connections. Why would you keep it with https?

Because any input that starts with a character below 32 may not be a HTTP request, so we might as well reject such bytes over TLS too.

Ideally we'd have a state machine that would reject any request as soon as we receive a byte that is not valid in a HTTP request, but what you have is a good improvement already.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2626385975

From djelinski at openjdk.org  Wed Dec 17 10:04:13 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 17 Dec 2025 10:04:13 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v2]
In-Reply-To: <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>
Message-ID: <IwiTagRQhXRJ9NRHubVFIQTKmwDqt4IJEr9phouVH5g=.466c6d4d-732b-4a9d-b6c7-74b261f74ca2@github.com>

On Mon, 15 Dec 2025 17:52:56 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> The first byte of a SSL ClientHello handshake record is 0x16 (22).
>> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>> 
>> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
>
> Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   minor test fix - unused import + obsolete comment

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28827#pullrequestreview-3586939513

From dfuchs at openjdk.org  Wed Dec 17 10:21:09 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 10:21:09 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v2]
In-Reply-To: <0fYDG-5iGP1-HIJl7vzOJa7-NPyFGV7tG9DGM16dkdY=.f99d0f64-3f13-452e-a14b-71add32a702a@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>
 <UhbfmrmtisUQhCRhwXp6gfi9VBTZBNBLfV9CGzVBm70=.8781478c-98de-4382-8059-02f85bac0102@github.com>
 <eQdDomNHsLyZpxR7G1J0XGrPrFlRNyMTxX-JytY9NeU=.929dd8b1-5b23-494b-baa9-b5c780dca342@github.com>
 <0fYDG-5iGP1-HIJl7vzOJa7-NPyFGV7tG9DGM16dkdY=.f99d0f64-3f13-452e-a14b-71add32a702a@github.com>
Message-ID: <3QpIl8F2ad0BwDJpqfYknJ2-dEHaQGElxErTmXDtxuk=.934a3e43-da9e-44a6-a61d-86f0a182da59@github.com>

On Wed, 17 Dec 2025 10:01:20 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> We only need the check for clear connections. Why would you keep it with https?
>
> Because any input that starts with a character below 32 may not be a HTTP request, so we might as well reject such bytes over TLS too.
> 
> Ideally we'd have a state machine that would reject any request as soon as we receive a byte that is not valid in a HTTP request, but what you have is a good improvement already.

Right. We could do that as future improvement. Let's focus this change on TLS clients connecting to non-TLS server.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2626441679

From dfuchs at openjdk.org  Wed Dec 17 10:40:57 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 10:40:57 GMT
Subject: RFR: 8373807:
 test/jdk/java/net/httpclient/websocket/DummyWebSocketServer.java getURI() uses
 "localhost"
Message-ID: <kbERcGLamrZzDtOkIW46qI0fWNRTiYhRsVPALlH72Fc=.b89b8b43-959e-465f-9978-c7fc7d42e464@github.com>

The WebSockteTest was observed failing in timeout once, waiting for the completable future returned by `WebSocketBuilder::build` to complete. The suspicion is that it may have been caused by the request being misdirected due to the use of "localhost" in the URI. 

This trivial fix ensures that the DumyWebSocketServer::getURI returns a URI with a literal IP address instead of relying on "localhost".

-------------

Commit messages:
 - 8373807: test/jdk/java/net/httpclient/websocket/DummyWebSocketServer.java getURI() uses "localhost"

Changes: https://git.openjdk.org/jdk/pull/28864/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28864&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373807
  Stats: 8 lines in 1 file changed: 7 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28864.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28864/head:pull/28864

PR: https://git.openjdk.org/jdk/pull/28864

From aturbanov at openjdk.org  Wed Dec 17 10:42:50 2025
From: aturbanov at openjdk.org (Andrey Turbanov)
Date: Wed, 17 Dec 2025 10:42:50 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v2]
In-Reply-To: <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <b2SYLtfl9BQtLLtJjuO-xCmwkLW-gcAw4T_Z-QAlu4M=.39ddbf81-23ed-491c-a579-b523b542347c@github.com>
Message-ID: <Xl04x-wkkIrj1c84XfwF5rG_cs_6xglAoZsGSQOt78c=.cbc49d09-e8d6-49ef-b1a0-fdb91d43b675@github.com>

On Mon, 15 Dec 2025 17:52:56 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> The first byte of a SSL ClientHello handshake record is 0x16 (22).
>> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>> 
>> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
>
> Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   minor test fix - unused import + obsolete comment

src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java line 50:

> 48:     private OutputStream os;
> 49:     private final int maxReqHeaderSize;
> 50:     private final  boolean firstClearRequest;

Suggestion:

    private final boolean firstClearRequest;

test/jdk/com/sun/net/httpserver/ClearTextServerSSL.java line 84:

> 82:         var sslContext = new SimpleSSLContext().get();
> 83:         var handler = new TestHandler();
> 84:         var server = HttpServer.create(new InetSocketAddress(LOOPBACK_ADDR,0), 0);

Suggestion:

        var server = HttpServer.create(new InetSocketAddress(LOOPBACK_ADDR, 0), 0);

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2626525051
PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2626525677

From jpai at openjdk.org  Wed Dec 17 10:58:08 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 17 Dec 2025 10:58:08 GMT
Subject: RFR: 8373807:
 test/jdk/java/net/httpclient/websocket/DummyWebSocketServer.java getURI() uses
 "localhost"
In-Reply-To: <kbERcGLamrZzDtOkIW46qI0fWNRTiYhRsVPALlH72Fc=.b89b8b43-959e-465f-9978-c7fc7d42e464@github.com>
References: <kbERcGLamrZzDtOkIW46qI0fWNRTiYhRsVPALlH72Fc=.b89b8b43-959e-465f-9978-c7fc7d42e464@github.com>
Message-ID: <dYbAv9Pdu3ZiOu2BYDrjYwPutxdB6FS7NhRrNTMDgGw=.152f671c-c92f-4ab0-9601-3853f3286e76@github.com>

On Wed, 17 Dec 2025 10:32:56 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The WebSockteTest was observed failing in timeout once, waiting for the completable future returned by `WebSocketBuilder::build` to complete. The suspicion is that it may have been caused by the request being misdirected due to the use of "localhost" in the URI. 
> 
> This trivial fix ensures that the DumyWebSocketServer::getURI returns a URI with a literal IP address instead of relying on "localhost".

test/jdk/java/net/httpclient/websocket/DummyWebSocketServer.java line 356:

> 354:         String ip = address.getAddress().isAnyLocalAddress()
> 355:                 ? InetAddress.getLoopbackAddress().getHostAddress()
> 356:                 : address.getAddress().getHostAddress();

Hello Daniel, this looks OK to me. But given that we always use loopback address to bind the ServerSocketChannel in this test (line 333), can we just use loopback address here too?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28864#discussion_r2626578735

From dfuchs at openjdk.org  Wed Dec 17 10:58:09 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 10:58:09 GMT
Subject: RFR: 8373807:
 test/jdk/java/net/httpclient/websocket/DummyWebSocketServer.java getURI() uses
 "localhost"
In-Reply-To: <dYbAv9Pdu3ZiOu2BYDrjYwPutxdB6FS7NhRrNTMDgGw=.152f671c-c92f-4ab0-9601-3853f3286e76@github.com>
References: <kbERcGLamrZzDtOkIW46qI0fWNRTiYhRsVPALlH72Fc=.b89b8b43-959e-465f-9978-c7fc7d42e464@github.com>
 <dYbAv9Pdu3ZiOu2BYDrjYwPutxdB6FS7NhRrNTMDgGw=.152f671c-c92f-4ab0-9601-3853f3286e76@github.com>
Message-ID: <i58zUEUUuXve9jKY5QJ3W-NxkNhoeBT1KdeWD0z3grc=.c726eb60-84ab-431a-a21c-0971d068516f@github.com>

On Wed, 17 Dec 2025 10:53:03 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> The WebSockteTest was observed failing in timeout once, waiting for the completable future returned by `WebSocketBuilder::build` to complete. The suspicion is that it may have been caused by the request being misdirected due to the use of "localhost" in the URI. 
>> 
>> This trivial fix ensures that the DumyWebSocketServer::getURI returns a URI with a literal IP address instead of relying on "localhost".
>
> test/jdk/java/net/httpclient/websocket/DummyWebSocketServer.java line 356:
> 
>> 354:         String ip = address.getAddress().isAnyLocalAddress()
>> 355:                 ? InetAddress.getLoopbackAddress().getHostAddress()
>> 356:                 : address.getAddress().getHostAddress();
> 
> Hello Daniel, this looks OK to me. But given that we always use loopback address to bind the ServerSocketChannel in this test (line 333), can we just use loopback address here too?

We could - I added a check to `.isAnyLocalAddress()` to make it generic and not make any assumption on the address the server would bind to.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28864#discussion_r2626588152

From dfuchs at openjdk.org  Wed Dec 17 10:58:29 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 10:58:29 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v3]
In-Reply-To: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
Message-ID: <Ly3ER0UT_QAYEDTvVu7wqXxjkHjO7QtoFabaa_LMO-Q=.385230aa-bf4a-4232-a34b-fa8b91c26f99@github.com>

> The first byte of a SSL ClientHello handshake record is 0x16 (22).
> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
> 
> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.

Daniel Fuchs has updated the pull request incrementally with two additional commits since the last revision:

 - Update test/jdk/com/sun/net/httpserver/ClearTextServerSSL.java
   
   Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
 - Update src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
   
   Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28827/files
  - new: https://git.openjdk.org/jdk/pull/28827/files/d7c25539..05704ead

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=01-02

  Stats: 2 lines in 2 files changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28827.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28827/head:pull/28827

PR: https://git.openjdk.org/jdk/pull/28827

From jpai at openjdk.org  Wed Dec 17 11:09:46 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 17 Dec 2025 11:09:46 GMT
Subject: RFR: 8373807:
 test/jdk/java/net/httpclient/websocket/DummyWebSocketServer.java getURI() uses
 "localhost"
In-Reply-To: <kbERcGLamrZzDtOkIW46qI0fWNRTiYhRsVPALlH72Fc=.b89b8b43-959e-465f-9978-c7fc7d42e464@github.com>
References: <kbERcGLamrZzDtOkIW46qI0fWNRTiYhRsVPALlH72Fc=.b89b8b43-959e-465f-9978-c7fc7d42e464@github.com>
Message-ID: <pSq_2jX5ZsZsc-_O2cssQtYMSxofvW_ZWV9_8hNhbko=.8fa87010-0893-417f-b624-8e2d5c01c765@github.com>

On Wed, 17 Dec 2025 10:32:56 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The WebSockteTest was observed failing in timeout once, waiting for the completable future returned by `WebSocketBuilder::build` to complete. The suspicion is that it may have been caused by the request being misdirected due to the use of "localhost" in the URI. 
> 
> This trivial fix ensures that the DumyWebSocketServer::getURI returns a URI with a literal IP address instead of relying on "localhost".

Looks good to me.

-------------

Marked as reviewed by jpai (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28864#pullrequestreview-3587215851

From dfuchs at openjdk.org  Wed Dec 17 11:11:23 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 11:11:23 GMT
Subject: RFR: 8373796: Refactor
 java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5 [v3]
In-Reply-To: <1KCdqnOboHD5YuKQRlGwhYsg6pI1oLFZJRLgj8Pyn6U=.5c0729ad-a8fe-4809-8d8b-f93612d6062f@github.com>
References: <1KCdqnOboHD5YuKQRlGwhYsg6pI1oLFZJRLgj8Pyn6U=.5c0729ad-a8fe-4809-8d8b-f93612d6062f@github.com>
Message-ID: <_TAdyoMHcFde3W9xYAe7_q2XC1EP3n3MLnGOub8XJ9E=.aef70ebc-c797-4798-9ecf-8e2f204ef42b@github.com>

> These test used to use the testng `IContextTest` API to stop tests after the first failure.
> @sormuras suggested an even more elegant way to do that with JUnit.
> Usage of IContextTest has been replaced with a `TestWatcher` that records the first failure and uses `Assumptions` to prevent further test execution. 
> 
> The rest of the changes were (almost) mechanical.

Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:

 - Merge branch 'master' into JUnit-ThrowingPublishers-8373796
 - Minor cleanup
 - 8373796: Refactor java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28846/files
  - new: https://git.openjdk.org/jdk/pull/28846/files/2c17b02c..543d2158

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28846&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28846&range=01-02

  Stats: 5494 lines in 231 files changed: 3750 ins; 458 del; 1286 mod
  Patch: https://git.openjdk.org/jdk/pull/28846.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28846/head:pull/28846

PR: https://git.openjdk.org/jdk/pull/28846

From jpai at openjdk.org  Wed Dec 17 11:20:55 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 17 Dec 2025 11:20:55 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v3]
In-Reply-To: <Ly3ER0UT_QAYEDTvVu7wqXxjkHjO7QtoFabaa_LMO-Q=.385230aa-bf4a-4232-a34b-fa8b91c26f99@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <Ly3ER0UT_QAYEDTvVu7wqXxjkHjO7QtoFabaa_LMO-Q=.385230aa-bf4a-4232-a34b-fa8b91c26f99@github.com>
Message-ID: <srra8GjfEQZ6ipSBr9OBwwzG13zbBTzn4bb3GTScbgY=.2836d11e-13a8-4a8e-a444-e4e2c6103231@github.com>

On Wed, 17 Dec 2025 10:58:29 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> The first byte of a SSL ClientHello handshake record is 0x16 (22).
>> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>> 
>> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
>
> Daniel Fuchs has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Update test/jdk/com/sun/net/httpserver/ClearTextServerSSL.java
>    
>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
>  - Update src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
>    
>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>

src/jdk.httpserver/share/classes/sun/net/httpserver/ServerImpl.java line 743:

> 741:                 } catch (ProtocolException pe) {
> 742:                     logger.log(Level.DEBUG, pe.toString());
> 743:                     logger.log(Level.DEBUG, "Bad first char in request line: closing");

Could we perhaps combine these 2 lines into one:


logger.log(Level.DEBUG, "closing due to: " + pe.toString());

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2626659192

From dfuchs at openjdk.org  Wed Dec 17 11:33:16 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 11:33:16 GMT
Subject: RFR: 8373866: Refactor java/net/httpclient/ThrowingSubscribers*.java
 tests to use JUnit5
Message-ID: <ARJUp1bpeVA8Dcv_UQZAeH03pyQZLzSzYX0lhg4zJGo=.93fc3584-de04-4118-a46d-016afe6c16c5@github.com>

These test used to use the testng IContextTest API to stop tests after the first failure.
Usage of IContextTest has been replaced with a TestWatcher that records the first failure and uses Assumptions to prevent further test execution.

This is similar to what was done for the `java/net/httpclient/ThrowingPublishers*.java` tests in https://github.com/openjdk/jdk/pull/28846

-------------

Commit messages:
 - 8373866: Refactor java/net/httpclient/ThrowingSubscribers*.java tests to use JUnit5

Changes: https://git.openjdk.org/jdk/pull/28865/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28865&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373866
  Stats: 166 lines in 10 files changed: 54 ins; 33 del; 79 mod
  Patch: https://git.openjdk.org/jdk/pull/28865.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28865/head:pull/28865

PR: https://git.openjdk.org/jdk/pull/28865

From dfuchs at openjdk.org  Wed Dec 17 11:51:04 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 11:51:04 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v4]
In-Reply-To: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
Message-ID: <louW1r9k6zo5g8hZaOhqfLC3CmngVDWUQG-2zyH0_i8=.67e07773-7154-4409-8c51-a8bb5fbaaf05@github.com>

> The first byte of a SSL ClientHello handshake record is 0x16 (22).
> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
> 
> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.

Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision:

 - .toString() is not needed
 - Review feedback: improved logging
 - Merge branch 'master' into ClearTextSSL-8373677
 - Update test/jdk/com/sun/net/httpserver/ClearTextServerSSL.java
   
   Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
 - Update src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
   
   Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
 - minor test fix - unused import + obsolete comment
 - fix whitespace
 - fix copyright year in test
 - add bug id to test
 - 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28827/files
  - new: https://git.openjdk.org/jdk/pull/28827/files/05704ead..2fe11cf3

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=02-03

  Stats: 6547 lines in 291 files changed: 4362 ins; 617 del; 1568 mod
  Patch: https://git.openjdk.org/jdk/pull/28827.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28827/head:pull/28827

PR: https://git.openjdk.org/jdk/pull/28827

From dfuchs at openjdk.org  Wed Dec 17 11:51:08 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 11:51:08 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v3]
In-Reply-To: <srra8GjfEQZ6ipSBr9OBwwzG13zbBTzn4bb3GTScbgY=.2836d11e-13a8-4a8e-a444-e4e2c6103231@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <Ly3ER0UT_QAYEDTvVu7wqXxjkHjO7QtoFabaa_LMO-Q=.385230aa-bf4a-4232-a34b-fa8b91c26f99@github.com>
 <srra8GjfEQZ6ipSBr9OBwwzG13zbBTzn4bb3GTScbgY=.2836d11e-13a8-4a8e-a444-e4e2c6103231@github.com>
Message-ID: <jRXlxxwBPbRZbRbQzsu8Dk2b-pqceDVQ3FZj_antdoU=.04d0d977-88ba-4dd8-a459-8b49217de201@github.com>

On Wed, 17 Dec 2025 11:18:28 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Daniel Fuchs has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - Update test/jdk/com/sun/net/httpserver/ClearTextServerSSL.java
>>    
>>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
>>  - Update src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
>>    
>>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
>
> src/jdk.httpserver/share/classes/sun/net/httpserver/ServerImpl.java line 743:
> 
>> 741:                 } catch (ProtocolException pe) {
>> 742:                     logger.log(Level.DEBUG, pe.toString());
>> 743:                     logger.log(Level.DEBUG, "Bad first char in request line: closing");
> 
> Could we perhaps combine these 2 lines into one:
> 
> 
> logger.log(Level.DEBUG, "closing due to: " + pe.toString());

done.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2626734549

From dfuchs at openjdk.org  Wed Dec 17 12:04:33 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 12:04:33 GMT
Subject: RFR: 8373866: Refactor
 java/net/httpclient/ThrowingSubscribers*.java tests to use JUnit5 [v2]
In-Reply-To: <ARJUp1bpeVA8Dcv_UQZAeH03pyQZLzSzYX0lhg4zJGo=.93fc3584-de04-4118-a46d-016afe6c16c5@github.com>
References: <ARJUp1bpeVA8Dcv_UQZAeH03pyQZLzSzYX0lhg4zJGo=.93fc3584-de04-4118-a46d-016afe6c16c5@github.com>
Message-ID: <GocsmGVsm_8BgRRte6tGr4BEt6IB4G0LNmfKt3XQ1MI=.dced4e94-a81b-445e-901e-2d307b323c44@github.com>

> These test used to use the testng IContextTest API to stop tests after the first failure.
> Usage of IContextTest has been replaced with a TestWatcher that records the first failure and uses Assumptions to prevent further test execution.
> 
> This is similar to what was done for the `java/net/httpclient/ThrowingPublishers*.java` tests in https://github.com/openjdk/jdk/pull/28846

Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:

  small abstract class cleanup

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28865/files
  - new: https://git.openjdk.org/jdk/pull/28865/files/80abd2f9..4b0c6cc6

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28865&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28865&range=00-01

  Stats: 7 lines in 1 file changed: 0 ins; 6 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28865.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28865/head:pull/28865

PR: https://git.openjdk.org/jdk/pull/28865

From jpai at openjdk.org  Wed Dec 17 12:05:07 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 17 Dec 2025 12:05:07 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v4]
In-Reply-To: <louW1r9k6zo5g8hZaOhqfLC3CmngVDWUQG-2zyH0_i8=.67e07773-7154-4409-8c51-a8bb5fbaaf05@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <louW1r9k6zo5g8hZaOhqfLC3CmngVDWUQG-2zyH0_i8=.67e07773-7154-4409-8c51-a8bb5fbaaf05@github.com>
Message-ID: <6D9TDxLeCDMYxDIIYaQc4UvxVWodbPvVlzs-HIpJuNo=.0d467606-952b-4a1e-b6c3-bf429adc6271@github.com>

On Wed, 17 Dec 2025 11:51:04 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> The first byte of a SSL ClientHello handshake record is 0x16 (22).
>> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>> 
>> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
>
> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision:
> 
>  - .toString() is not needed
>  - Review feedback: improved logging
>  - Merge branch 'master' into ClearTextSSL-8373677
>  - Update test/jdk/com/sun/net/httpserver/ClearTextServerSSL.java
>    
>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
>  - Update src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
>    
>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
>  - minor test fix - unused import + obsolete comment
>  - fix whitespace
>  - fix copyright year in test
>  - add bug id to test
>  - 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello

src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java line 119:

> 117:                             throw new ProtocolException("Unexpected start of request line");
> 118:                         }
> 119:                         offset++;

The changes look good to me. It took me a while to understand what this `offset` was and how those increments are used. It looks like it behaves merely like a boolean to decide whether or not to check the byte against the `FIRST_CHAR`. Maybe we could change `int offset` to `boolean firstByteChecked = false;`. It's also OK if you like to leave it in the current form.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2626792411

From jpai at openjdk.org  Wed Dec 17 12:08:10 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Wed, 17 Dec 2025 12:08:10 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v4]
In-Reply-To: <louW1r9k6zo5g8hZaOhqfLC3CmngVDWUQG-2zyH0_i8=.67e07773-7154-4409-8c51-a8bb5fbaaf05@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <louW1r9k6zo5g8hZaOhqfLC3CmngVDWUQG-2zyH0_i8=.67e07773-7154-4409-8c51-a8bb5fbaaf05@github.com>
Message-ID: <agurmvPYg5B8u_WbFxpHv7u02esrMPA73V28NATc18E=.53939212-2302-454e-8946-3a583ea2232e@github.com>

On Wed, 17 Dec 2025 11:51:04 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> The first byte of a SSL ClientHello handshake record is 0x16 (22).
>> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>> 
>> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
>
> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision:
> 
>  - .toString() is not needed
>  - Review feedback: improved logging
>  - Merge branch 'master' into ClearTextSSL-8373677
>  - Update test/jdk/com/sun/net/httpserver/ClearTextServerSSL.java
>    
>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
>  - Update src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
>    
>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
>  - minor test fix - unused import + obsolete comment
>  - fix whitespace
>  - fix copyright year in test
>  - add bug id to test
>  - 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello

Marked as reviewed by jpai (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28827#pullrequestreview-3587418655

From dfuchs at openjdk.org  Wed Dec 17 12:17:03 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 12:17:03 GMT
Subject: RFR: 8373677: Clear text HttpServer connection could fail fast if
 receiving SSL ClientHello [v4]
In-Reply-To: <6D9TDxLeCDMYxDIIYaQc4UvxVWodbPvVlzs-HIpJuNo=.0d467606-952b-4a1e-b6c3-bf429adc6271@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
 <louW1r9k6zo5g8hZaOhqfLC3CmngVDWUQG-2zyH0_i8=.67e07773-7154-4409-8c51-a8bb5fbaaf05@github.com>
 <6D9TDxLeCDMYxDIIYaQc4UvxVWodbPvVlzs-HIpJuNo=.0d467606-952b-4a1e-b6c3-bf429adc6271@github.com>
Message-ID: <EDRnmnB0RKkTj3WhDghtWKedwSv3BoaDNDlPXok7VgU=.43aabcf9-d13c-435d-b537-36ea1a25014f@github.com>

On Wed, 17 Dec 2025 12:02:18 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision:
>> 
>>  - .toString() is not needed
>>  - Review feedback: improved logging
>>  - Merge branch 'master' into ClearTextSSL-8373677
>>  - Update test/jdk/com/sun/net/httpserver/ClearTextServerSSL.java
>>    
>>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
>>  - Update src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
>>    
>>    Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
>>  - minor test fix - unused import + obsolete comment
>>  - fix whitespace
>>  - fix copyright year in test
>>  - add bug id to test
>>  - 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello
>
> src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java line 119:
> 
>> 117:                             throw new ProtocolException("Unexpected start of request line");
>> 118:                         }
>> 119:                         offset++;
> 
> The changes look good to me. It took me a while to understand what this `offset` was and how those increments are used. It looks like it behaves merely like a boolean to decide whether or not to check the byte against the `FIRST_CHAR`. Maybe we could change `int offset` to `boolean firstByteChecked = false;`. It's also OK if you like to leave it in the current form.

I'll leave the offset. I have limited the check to the first byte, but arguably we could improve the parsing of the request line in the future by checking the full syntax here. It would be a more complex enhancement so better be handled in a future PR.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2626820612

From dfuchs at openjdk.org  Wed Dec 17 12:17:04 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 12:17:04 GMT
Subject: Integrated: 8373677: Clear text HttpServer connection could fail fast
 if receiving SSL ClientHello
In-Reply-To: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
References: <7psnNB9l8VSqA5S7mJuHN4FJdcd86lmd4P6swzBSQ8E=.c60a3b3f-5cf3-4dfc-abe0-a2c7abe21b37@github.com>
Message-ID: <Zx35AOV2DopvCZVWs5uwpTv4l8jyNURiIKjTklJsTNU=.52bdd68c-c3ab-4932-a502-f0e846abc14d@github.com>

On Mon, 15 Dec 2025 15:40:13 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The first byte of a SSL ClientHello handshake record is 0x16 (22).
> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
> 
> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.

This pull request has now been integrated.

Changeset: 5e7ae281
Author:    Daniel Fuchs <dfuchs at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/5e7ae281326ca306339aaba101d4206dffdb9ca0
Stats:     206 lines in 3 files changed: 204 ins; 0 del; 2 mod

8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello

Reviewed-by: jpai, djelinski

-------------

PR: https://git.openjdk.org/jdk/pull/28827

From dfuchs at openjdk.org  Wed Dec 17 12:42:34 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 12:42:34 GMT
Subject: RFR: 8373869: Refactor java/net/httpclient/ThrowingPushPromises*.java
 tests to use JUnit5
Message-ID: <z_rQjMiiwbh9LlBX3W6F9iE0Yhc7YB8GLhSxPnW2Szc=.6e787267-506d-4fed-97ae-437ec9bffc56@github.com>

These test used to use the testng IContextTest API to stop tests after the first failure.
Usage of IContextTest has been replaced with a TestWatcher that records the first failure and uses Assumptions to prevent further test execution.

This is similar to what was done for the `java/net/httpclient/ThrowingPublishers*.java` tests in https://github.com/openjdk/jdk/pull/28846 and for `java/net/httpclient/ThrowingSubscribers*.java` in https://github.com/openjdk/jdk/pull/28865

-------------

Commit messages:
 - 8373869: Refactor java/net/httpclient/ThrowingPushPromises*.java tests to use JUnit5

Changes: https://git.openjdk.org/jdk/pull/28868/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28868&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373869
  Stats: 158 lines in 8 files changed: 51 ins; 39 del; 68 mod
  Patch: https://git.openjdk.org/jdk/pull/28868.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28868/head:pull/28868

PR: https://git.openjdk.org/jdk/pull/28868

From djelinski at openjdk.org  Wed Dec 17 16:37:54 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Wed, 17 Dec 2025 16:37:54 GMT
Subject: RFR: 8373877: QUIC connections are removed too early
Message-ID: <yZP2jcPttYZSyODIizT7TstyPTBb5paEpRxizYs1H0s=.d535373e-5c38-45a9-a22f-9edd1570fc6c@github.com>

When a QUIC connection receives a CONNECTION_CLOSE frame, it is supposed to enter the draining state, where all incoming (reordered / replayed) packets are silently discarded. However, the current implementation removes the connection from the endpoint, and reordered/replayed packets trigger sending of a stateless reset instead. This patch fixes that issue.

I modified the `StatelessResetReceiptTest` to verify that the connection is still registered with the endpoint after it enters the draining state. The new test fails (most of the time) without the fix, passes with the fix.

Existing httpclient tests continue to pass.

-------------

Commit messages:
 - Fix handling of draining connections
 - Add test

Changes: https://git.openjdk.org/jdk/pull/28874/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28874&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373877
  Stats: 26 lines in 4 files changed: 18 ins; 4 del; 4 mod
  Patch: https://git.openjdk.org/jdk/pull/28874.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28874/head:pull/28874

PR: https://git.openjdk.org/jdk/pull/28874

From dfuchs at openjdk.org  Wed Dec 17 17:58:22 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 17:58:22 GMT
Subject: RFR: 8373877: QUIC connections are removed too early
In-Reply-To: <yZP2jcPttYZSyODIizT7TstyPTBb5paEpRxizYs1H0s=.d535373e-5c38-45a9-a22f-9edd1570fc6c@github.com>
References: <yZP2jcPttYZSyODIizT7TstyPTBb5paEpRxizYs1H0s=.d535373e-5c38-45a9-a22f-9edd1570fc6c@github.com>
Message-ID: <sEBmXKJ_NrSXS9_e389z3M5JvgtdcuN9sqG4Ps5EL3U=.d7dcc128-3e94-4187-8320-cb64d85a8a75@github.com>

On Wed, 17 Dec 2025 15:53:01 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> When a QUIC connection receives a CONNECTION_CLOSE frame, it is supposed to enter the draining state, where all incoming (reordered / replayed) packets are silently discarded. However, the current implementation removes the connection from the endpoint, and reordered/replayed packets trigger sending of a stateless reset instead. This patch fixes that issue.
> 
> I modified the `StatelessResetReceiptTest` to verify that the connection is still registered with the endpoint after it enters the draining state. The new test fails (most of the time) without the fix, passes with the fix.
> 
> Existing httpclient tests continue to pass.

Looks good to me. We now only enter draining when we receive ConnectionCloseFrame, if we haven't sent ConnectionCloseFrame already.
If we are already in draining state, nothing to do.
If we are already in closing state, then we stay in closing state.
Looks good.

-------------

Marked as reviewed by dfuchs (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28874#pullrequestreview-3588930160

From dfuchs at openjdk.org  Wed Dec 17 18:47:27 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Wed, 17 Dec 2025 18:47:27 GMT
Subject: Integrated: 8373807:
 test/jdk/java/net/httpclient/websocket/DummyWebSocketServer.java getURI() uses
 "localhost"
In-Reply-To: <kbERcGLamrZzDtOkIW46qI0fWNRTiYhRsVPALlH72Fc=.b89b8b43-959e-465f-9978-c7fc7d42e464@github.com>
References: <kbERcGLamrZzDtOkIW46qI0fWNRTiYhRsVPALlH72Fc=.b89b8b43-959e-465f-9978-c7fc7d42e464@github.com>
Message-ID: <XG5bFImFjKSTgWIyuv0BiSzseSOn1W6G4XsRDAvCUDE=.4cb91b23-bca6-42e6-a494-3ca04c76c7ae@github.com>

On Wed, 17 Dec 2025 10:32:56 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> The WebSockteTest was observed failing in timeout once, waiting for the completable future returned by `WebSocketBuilder::build` to complete. The suspicion is that it may have been caused by the request being misdirected due to the use of "localhost" in the URI. 
> 
> This trivial fix ensures that the DumyWebSocketServer::getURI returns a URI with a literal IP address instead of relying on "localhost".

This pull request has now been integrated.

Changeset: f3a48560
Author:    Daniel Fuchs <dfuchs at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/f3a48560b5e3a280f6f76031eb3d475ff9ee49f4
Stats:     8 lines in 1 file changed: 7 ins; 0 del; 1 mod

8373807: test/jdk/java/net/httpclient/websocket/DummyWebSocketServer.java getURI() uses "localhost"

Reviewed-by: jpai

-------------

PR: https://git.openjdk.org/jdk/pull/28864

From weijun at openjdk.org  Wed Dec 17 22:12:16 2025
From: weijun at openjdk.org (Weijun Wang)
Date: Wed, 17 Dec 2025 22:12:16 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext" [v4]
In-Reply-To: <5lKedsCws1SZ_ATPYksUcXzM2UOuSkqcC6eo6vfmxTM=.521838e4-137c-45ba-aabe-920181248c23@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
 <5lKedsCws1SZ_ATPYksUcXzM2UOuSkqcC6eo6vfmxTM=.521838e4-137c-45ba-aabe-920181248c23@github.com>
Message-ID: <opXgl92wlszesV3D64WBCT6sH5xMdysRHQ_jAJ5xG1A=.958b65b8-f6b2-4602-9aff-e6742c7976b3@github.com>

On Fri, 12 Dec 2025 19:05:24 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

>> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.
>
> Volkan Yazici has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
> 
>   Make sure `get()` returns the same instance

Marked as reviewed by weijun (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28765#pullrequestreview-3589890116

From jpai at openjdk.org  Thu Dec 18 09:21:33 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 18 Dec 2025 09:21:33 GMT
Subject: RFR: 8373869: Refactor
 java/net/httpclient/ThrowingPushPromises*.java tests to use JUnit5
In-Reply-To: <z_rQjMiiwbh9LlBX3W6F9iE0Yhc7YB8GLhSxPnW2Szc=.6e787267-506d-4fed-97ae-437ec9bffc56@github.com>
References: <z_rQjMiiwbh9LlBX3W6F9iE0Yhc7YB8GLhSxPnW2Szc=.6e787267-506d-4fed-97ae-437ec9bffc56@github.com>
Message-ID: <3dykwKTz3RS2GAtIeN8HqPwfwUwCCrWciJTBDvzA_yY=.0a499da8-b7eb-40f1-b598-4c041a78bb7d@github.com>

On Wed, 17 Dec 2025 12:34:47 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> These test used to use the testng IContextTest API to stop tests after the first failure.
> Usage of IContextTest has been replaced with a TestWatcher that records the first failure and uses Assumptions to prevent further test execution.
> 
> This is similar to what was done for the `java/net/httpclient/ThrowingPublishers*.java` tests in https://github.com/openjdk/jdk/pull/28846 and for `java/net/httpclient/ThrowingSubscribers*.java` in https://github.com/openjdk/jdk/pull/28865

This looks good to me.

-------------

Marked as reviewed by jpai (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28868#pullrequestreview-3591630533

From jpai at openjdk.org  Thu Dec 18 09:23:44 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 18 Dec 2025 09:23:44 GMT
Subject: RFR: 8373796: Refactor
 java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5 [v3]
In-Reply-To: <_TAdyoMHcFde3W9xYAe7_q2XC1EP3n3MLnGOub8XJ9E=.aef70ebc-c797-4798-9ecf-8e2f204ef42b@github.com>
References: <1KCdqnOboHD5YuKQRlGwhYsg6pI1oLFZJRLgj8Pyn6U=.5c0729ad-a8fe-4809-8d8b-f93612d6062f@github.com>
 <_TAdyoMHcFde3W9xYAe7_q2XC1EP3n3MLnGOub8XJ9E=.aef70ebc-c797-4798-9ecf-8e2f204ef42b@github.com>
Message-ID: <EuwmwITJXpHORrEO28-qiB7-zcIC5gd2QoLo6oeiRx0=.34022507-450c-4f65-b4c4-b57357094bc3@github.com>

On Wed, 17 Dec 2025 11:11:23 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> These test used to use the testng `IContextTest` API to stop tests after the first failure.
>> @sormuras suggested an even more elegant way to do that with JUnit.
>> Usage of IContextTest has been replaced with a `TestWatcher` that records the first failure and uses `Assumptions` to prevent further test execution. 
>> 
>> The rest of the changes were (almost) mechanical.
>
> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
> 
>  - Merge branch 'master' into JUnit-ThrowingPublishers-8373796
>  - Minor cleanup
>  - 8373796: Refactor java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5

Marked as reviewed by jpai (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28846#pullrequestreview-3591644672

From dfuchs at openjdk.org  Thu Dec 18 09:24:57 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 18 Dec 2025 09:24:57 GMT
Subject: Integrated: 8373869: Refactor
 java/net/httpclient/ThrowingPushPromises*.java tests to use JUnit5
In-Reply-To: <z_rQjMiiwbh9LlBX3W6F9iE0Yhc7YB8GLhSxPnW2Szc=.6e787267-506d-4fed-97ae-437ec9bffc56@github.com>
References: <z_rQjMiiwbh9LlBX3W6F9iE0Yhc7YB8GLhSxPnW2Szc=.6e787267-506d-4fed-97ae-437ec9bffc56@github.com>
Message-ID: <NsJCjsFQk3Y3WlswLFhXk-GeGiqrGjH72hbl0Kb48Fw=.17f5659b-9a54-45a0-a017-4d0bfee403ac@github.com>

On Wed, 17 Dec 2025 12:34:47 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> These test used to use the testng IContextTest API to stop tests after the first failure.
> Usage of IContextTest has been replaced with a TestWatcher that records the first failure and uses Assumptions to prevent further test execution.
> 
> This is similar to what was done for the `java/net/httpclient/ThrowingPublishers*.java` tests in https://github.com/openjdk/jdk/pull/28846 and for `java/net/httpclient/ThrowingSubscribers*.java` in https://github.com/openjdk/jdk/pull/28865

This pull request has now been integrated.

Changeset: e5ca7783
Author:    Daniel Fuchs <dfuchs at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/e5ca77838b9243321ed66afc2f460378d25add63
Stats:     158 lines in 8 files changed: 51 ins; 39 del; 68 mod

8373869: Refactor java/net/httpclient/ThrowingPushPromises*.java tests to use JUnit5

Reviewed-by: jpai

-------------

PR: https://git.openjdk.org/jdk/pull/28868

From jpai at openjdk.org  Thu Dec 18 09:28:55 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 18 Dec 2025 09:28:55 GMT
Subject: RFR: 8373866: Refactor
 java/net/httpclient/ThrowingSubscribers*.java tests to use JUnit5 [v2]
In-Reply-To: <GocsmGVsm_8BgRRte6tGr4BEt6IB4G0LNmfKt3XQ1MI=.dced4e94-a81b-445e-901e-2d307b323c44@github.com>
References: <ARJUp1bpeVA8Dcv_UQZAeH03pyQZLzSzYX0lhg4zJGo=.93fc3584-de04-4118-a46d-016afe6c16c5@github.com>
 <GocsmGVsm_8BgRRte6tGr4BEt6IB4G0LNmfKt3XQ1MI=.dced4e94-a81b-445e-901e-2d307b323c44@github.com>
Message-ID: <aUNmYQzA4kSo4mijdFqg3mNgjmX6QMSw0_3hbIQw7eE=.211d0f03-5256-4f7b-9621-ecdec6669b94@github.com>

On Wed, 17 Dec 2025 12:04:33 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> These test used to use the testng IContextTest API to stop tests after the first failure.
>> Usage of IContextTest has been replaced with a TestWatcher that records the first failure and uses Assumptions to prevent further test execution.
>> 
>> This is similar to what was done for the `java/net/httpclient/ThrowingPublishers*.java` tests in https://github.com/openjdk/jdk/pull/28846
>
> Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   small abstract class cleanup

Looks good to me.

-------------

Marked as reviewed by jpai (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28865#pullrequestreview-3591663069

From dfuchs at openjdk.org  Thu Dec 18 09:32:15 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 18 Dec 2025 09:32:15 GMT
Subject: RFR: 8373796: Refactor
 java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5 [v3]
In-Reply-To: <EuwmwITJXpHORrEO28-qiB7-zcIC5gd2QoLo6oeiRx0=.34022507-450c-4f65-b4c4-b57357094bc3@github.com>
References: <1KCdqnOboHD5YuKQRlGwhYsg6pI1oLFZJRLgj8Pyn6U=.5c0729ad-a8fe-4809-8d8b-f93612d6062f@github.com>
 <_TAdyoMHcFde3W9xYAe7_q2XC1EP3n3MLnGOub8XJ9E=.aef70ebc-c797-4798-9ecf-8e2f204ef42b@github.com>
 <EuwmwITJXpHORrEO28-qiB7-zcIC5gd2QoLo6oeiRx0=.34022507-450c-4f65-b4c4-b57357094bc3@github.com>
Message-ID: <qGVr4tBlvRdBg-cdQoDNnKL2ALA0jJnCnunMjvo54lc=.25047af4-e226-44ec-b6bb-196f1122bd0a@github.com>

On Thu, 18 Dec 2025 09:21:28 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>> 
>>  - Merge branch 'master' into JUnit-ThrowingPublishers-8373796
>>  - Minor cleanup
>>  - 8373796: Refactor java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5
>
> Marked as reviewed by jpai (Reviewer).

Thank you @jaikiran !

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28846#issuecomment-3669308604

From dfuchs at openjdk.org  Thu Dec 18 09:32:16 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 18 Dec 2025 09:32:16 GMT
Subject: Integrated: 8373796: Refactor
 java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5
In-Reply-To: <1KCdqnOboHD5YuKQRlGwhYsg6pI1oLFZJRLgj8Pyn6U=.5c0729ad-a8fe-4809-8d8b-f93612d6062f@github.com>
References: <1KCdqnOboHD5YuKQRlGwhYsg6pI1oLFZJRLgj8Pyn6U=.5c0729ad-a8fe-4809-8d8b-f93612d6062f@github.com>
Message-ID: <gSw3pKrD4YZR5_EWaFYW_aq5tVLrLdvlj9v3rUFU9uQ=.0d7d93d5-6872-471a-b28a-e73fc7e339ec@github.com>

On Tue, 16 Dec 2025 13:23:42 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> These test used to use the testng `IContextTest` API to stop tests after the first failure.
> @sormuras suggested an even more elegant way to do that with JUnit.
> Usage of IContextTest has been replaced with a `TestWatcher` that records the first failure and uses `Assumptions` to prevent further test execution. 
> 
> The rest of the changes were (almost) mechanical.

This pull request has now been integrated.

Changeset: c6da35d7
Author:    Daniel Fuchs <dfuchs at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/c6da35d7c7076aa9643b3dbf03a285420bb1003d
Stats:     196 lines in 9 files changed: 57 ins; 67 del; 72 mod

8373796: Refactor java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5

Reviewed-by: jpai

-------------

PR: https://git.openjdk.org/jdk/pull/28846

From dfuchs at openjdk.org  Thu Dec 18 09:36:01 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 18 Dec 2025 09:36:01 GMT
Subject: RFR: 8373866: Refactor
 java/net/httpclient/ThrowingSubscribers*.java tests to use JUnit5 [v2]
In-Reply-To: <aUNmYQzA4kSo4mijdFqg3mNgjmX6QMSw0_3hbIQw7eE=.211d0f03-5256-4f7b-9621-ecdec6669b94@github.com>
References: <ARJUp1bpeVA8Dcv_UQZAeH03pyQZLzSzYX0lhg4zJGo=.93fc3584-de04-4118-a46d-016afe6c16c5@github.com>
 <GocsmGVsm_8BgRRte6tGr4BEt6IB4G0LNmfKt3XQ1MI=.dced4e94-a81b-445e-901e-2d307b323c44@github.com>
 <aUNmYQzA4kSo4mijdFqg3mNgjmX6QMSw0_3hbIQw7eE=.211d0f03-5256-4f7b-9621-ecdec6669b94@github.com>
Message-ID: <k5Ctn56ev2OstyeMNqToUTAj7GmfX9yTtgJkJLPmHOs=.b415af9a-baaf-47d6-8666-58585d5bd932@github.com>

On Thu, 18 Dec 2025 09:25:49 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   small abstract class cleanup
>
> Looks good to me.

Thank you @jaikiran !

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28865#issuecomment-3669334109

From dfuchs at openjdk.org  Thu Dec 18 09:42:17 2025
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Thu, 18 Dec 2025 09:42:17 GMT
Subject: Integrated: 8373866: Refactor
 java/net/httpclient/ThrowingSubscribers*.java tests to use JUnit5
In-Reply-To: <ARJUp1bpeVA8Dcv_UQZAeH03pyQZLzSzYX0lhg4zJGo=.93fc3584-de04-4118-a46d-016afe6c16c5@github.com>
References: <ARJUp1bpeVA8Dcv_UQZAeH03pyQZLzSzYX0lhg4zJGo=.93fc3584-de04-4118-a46d-016afe6c16c5@github.com>
Message-ID: <4jFENbte7Cs-8_C7Q4zDBziHjkVGeltBudcFeVm7xRs=.94c0ce9d-5523-4f80-ba9e-dfa36147d711@github.com>

On Wed, 17 Dec 2025 11:25:12 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

> These test used to use the testng IContextTest API to stop tests after the first failure.
> Usage of IContextTest has been replaced with a TestWatcher that records the first failure and uses Assumptions to prevent further test execution.
> 
> This is similar to what was done for the `java/net/httpclient/ThrowingPublishers*.java` tests in https://github.com/openjdk/jdk/pull/28846

This pull request has now been integrated.

Changeset: d8eb1259
Author:    Daniel Fuchs <dfuchs at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/d8eb1259f4c0d80861401612e9fc7def1466602e
Stats:     167 lines in 10 files changed: 54 ins; 39 del; 74 mod

8373866: Refactor java/net/httpclient/ThrowingSubscribers*.java tests to use JUnit5

Reviewed-by: jpai

-------------

PR: https://git.openjdk.org/jdk/pull/28865

From djelinski at openjdk.org  Thu Dec 18 11:29:42 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Thu, 18 Dec 2025 11:29:42 GMT
Subject: [jdk26] Integrated: 8373409:
 java/net/httpclient/http3/H3ErrorHandlingTest.java failed due to deadlock
In-Reply-To: <d4CVkaVQSX2riz5ne1rNkAjyoo8CvjV48rBwcd0kY34=.82087930-f80e-4b3e-a0e0-62496874652b@github.com>
References: <d4CVkaVQSX2riz5ne1rNkAjyoo8CvjV48rBwcd0kY34=.82087930-f80e-4b3e-a0e0-62496874652b@github.com>
Message-ID: <C7WOckwJtmfAX43zUOVhrRdHUrN89f8VuvGT8z8bX48=.c197e011-e87d-49ce-a7de-411ecc54f548@github.com>

On Wed, 17 Dec 2025 08:20:04 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> Hi all,
> 
> This pull request contains a backport of commit [386ad614](https://github.com/openjdk/jdk/commit/386ad61458a3901622b92ca56982d728c11b846a) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository.
> 
> The commit being backported was authored by Daniel Jeli?ski on 17 Dec 2025 and was reviewed by Daniel Fuchs.
> 
> Thanks!

This pull request has now been integrated.

Changeset: d4cf3051
Author:    Daniel Jeli?ski <djelinski at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/d4cf30517ebe27ba08c46f97fdeaad7456413d78
Stats:     57 lines in 2 files changed: 21 ins; 26 del; 10 mod

8373409: java/net/httpclient/http3/H3ErrorHandlingTest.java failed due to deadlock

Reviewed-by: dfuchs
Backport-of: 386ad61458a3901622b92ca56982d728c11b846a

-------------

PR: https://git.openjdk.org/jdk/pull/28862

From vyazici at openjdk.org  Thu Dec 18 12:49:23 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 18 Dec 2025 12:49:23 GMT
Subject: RFR: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext"
In-Reply-To: <VChai_0l1bvp_1UcvuwG_u6CfenLU3Z6TpDmMugZ1GQ=.00298120-c6ce-4668-8eb5-cd155bf67c53@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
 <VChai_0l1bvp_1UcvuwG_u6CfenLU3Z6TpDmMugZ1GQ=.00298120-c6ce-4668-8eb5-cd155bf67c53@github.com>
Message-ID: <pfvVjW9G9uYrV48l02BLdJ5Vy_VBAw1QxQ56HL3dGA0=.a5332238-5fca-4544-992a-ae15723d4719@github.com>

On Thu, 11 Dec 2025 13:01:53 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.
>
> I would prefer to split this PR into two fixes:
> 
>  - a first fix that simply adds the new API to SimpleSSLContext, without removing the old API.
>  - a second fix that do all the rest: remove the old API and update the tests.
>  
> This would allow us to easily backport the first fix, and new tests would not need adaptation when they are later being backported provided that the first fix has been backported first.
> 
> You could enjoy using dependent PRs for this :-)

@dfuch, @wangweij, thanks so much for reviews. Tier 1-2 are clear.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28765#issuecomment-3670114174

From vyazici at openjdk.org  Thu Dec 18 12:49:24 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 18 Dec 2025 12:49:24 GMT
Subject: Integrated: 8372661: Add a null-safe static factory method to
 "jdk.test.lib.net.SimpleSSLContext"
In-Reply-To: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
References: <g2mxar0e70OCXO4yVUFxZxs4ncfn1mNAI8ls6FgdE1U=.7d6e209d-c989-47f4-b4e8-24d06f601204@github.com>
Message-ID: <867fSx51nqO_caSs6XYj_VUAFCI9X5u-sPp60yhBTEo=.825cc1f8-6653-46f6-a3b0-4b3265e9158e@github.com>

On Thu, 11 Dec 2025 09:45:54 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Overhauls `SimpleSSLContext` to remove the need for null checks at the call site, and to accept a key store file search path, which removes the need to copy-paste `SimpleSSLContext` just to change the search path.

This pull request has now been integrated.

Changeset: 629e4ac6
Author:    Volkan Yazici <vyazici at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/629e4ac6f45c87898f6a014f28a443c800413869
Stats:     95 lines in 1 file changed: 51 ins; 5 del; 39 mod

8372661: Add a null-safe static factory method to "jdk.test.lib.net.SimpleSSLContext"

Reviewed-by: dfuchs, weijun

-------------

PR: https://git.openjdk.org/jdk/pull/28765

From djelinski at openjdk.org  Thu Dec 18 13:21:21 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Thu, 18 Dec 2025 13:21:21 GMT
Subject: RFR: 8373877: QUIC connections are removed too early
In-Reply-To: <sEBmXKJ_NrSXS9_e389z3M5JvgtdcuN9sqG4Ps5EL3U=.d7dcc128-3e94-4187-8320-cb64d85a8a75@github.com>
References: <yZP2jcPttYZSyODIizT7TstyPTBb5paEpRxizYs1H0s=.d535373e-5c38-45a9-a22f-9edd1570fc6c@github.com>
 <sEBmXKJ_NrSXS9_e389z3M5JvgtdcuN9sqG4Ps5EL3U=.d7dcc128-3e94-4187-8320-cb64d85a8a75@github.com>
Message-ID: <yQTgqMLkn-vt1zV7F5RFzpYkYRUNeAExn_XNd4pursk=.1e0733a7-52fe-48fe-8fb3-4fd6bb9516f4@github.com>

On Wed, 17 Dec 2025 17:56:06 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> When a QUIC connection receives a CONNECTION_CLOSE frame, it is supposed to enter the draining state, where all incoming (reordered / replayed) packets are silently discarded. However, the current implementation removes the connection from the endpoint, and reordered/replayed packets trigger sending of a stateless reset instead. This patch fixes that issue.
>> 
>> I modified the `StatelessResetReceiptTest` to verify that the connection is still registered with the endpoint after it enters the draining state. The new test fails (most of the time) without the fix, passes with the fix.
>> 
>> Existing httpclient tests continue to pass.
>
> Looks good to me. We now only enter draining when we receive ConnectionCloseFrame, if we haven't sent ConnectionCloseFrame already.
> If we are already in draining state, nothing to do.
> If we are already in closing state, then we stay in closing state.
> Looks good.

Thanks @dfuch for the review.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28874#issuecomment-3670253507

From djelinski at openjdk.org  Thu Dec 18 13:21:23 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Thu, 18 Dec 2025 13:21:23 GMT
Subject: Integrated: 8373877: QUIC connections are removed too early
In-Reply-To: <yZP2jcPttYZSyODIizT7TstyPTBb5paEpRxizYs1H0s=.d535373e-5c38-45a9-a22f-9edd1570fc6c@github.com>
References: <yZP2jcPttYZSyODIizT7TstyPTBb5paEpRxizYs1H0s=.d535373e-5c38-45a9-a22f-9edd1570fc6c@github.com>
Message-ID: <CMQfGI-I5ID01lFSEOn1Kb3x-6U6skNU3V1AzQQ5ML4=.71aa0a93-df4e-4f93-aef2-91cf7978b9c1@github.com>

On Wed, 17 Dec 2025 15:53:01 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

> When a QUIC connection receives a CONNECTION_CLOSE frame, it is supposed to enter the draining state, where all incoming (reordered / replayed) packets are silently discarded. However, the current implementation removes the connection from the endpoint, and reordered/replayed packets trigger sending of a stateless reset instead. This patch fixes that issue.
> 
> I modified the `StatelessResetReceiptTest` to verify that the connection is still registered with the endpoint after it enters the draining state. The new test fails (most of the time) without the fix, passes with the fix.
> 
> Existing httpclient tests continue to pass.

This pull request has now been integrated.

Changeset: 7a7e7c9a
Author:    Daniel Jeli?ski <djelinski at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/7a7e7c9ae11cb124c14d5d2d3b7e2f5649205106
Stats:     26 lines in 4 files changed: 18 ins; 4 del; 4 mod

8373877: QUIC connections are removed too early

Reviewed-by: dfuchs

-------------

PR: https://git.openjdk.org/jdk/pull/28874

From vyazici at openjdk.org  Thu Dec 18 13:53:15 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 18 Dec 2025 13:53:15 GMT
Subject: RFR: 8373515: Migrate "test/jdk/java/net/httpclient/" to null-safe
 "SimpleSSLContext" methods [v4]
In-Reply-To: <jODBufbtCDhCiI4q08shMw_DYJQ0HNXkykQPNh4H9uE=.8172693a-46c4-4601-93ac-20fa7cda9842@github.com>
References: <jODBufbtCDhCiI4q08shMw_DYJQ0HNXkykQPNh4H9uE=.8172693a-46c4-4601-93ac-20fa7cda9842@github.com>
Message-ID: <91z1GserVQHgwJNfH6VWSSERKpd7qtyAJL7dY2Ynh24=.da80636c-9d89-4467-985d-6f28fd3d63cc@github.com>

> Migrates `test/jdk/java/net/httpclient/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.
> 
> [JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661

Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:

 - Merge remote-tracking branch 'upstream/master' into simpleSslHc
 - Merge remote-tracking branch 'upstream/master' into simpleSslHc
 - Make sure `get()` returns the same instance
 - Restore `test/jdk/java/net/httpclient/` changes
 - Reverted all changes and only kept `SimpleSSLContext` enhancements
 - Overhaul `SimpleSSLContext` and its usages

-------------

Changes: https://git.openjdk.org/jdk/pull/28771/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28771&range=03
  Stats: 976 lines in 179 files changed: 53 ins; 665 del; 258 mod
  Patch: https://git.openjdk.org/jdk/pull/28771.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28771/head:pull/28771

PR: https://git.openjdk.org/jdk/pull/28771

From vyazici at openjdk.org  Thu Dec 18 13:53:08 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 18 Dec 2025 13:53:08 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods [v3]
In-Reply-To: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
Message-ID: <7SvJreNEALBCOWRU94l0ZO1iXBH5_6wpRrG6LzzlIpY=.c5bfe288-86fa-4596-bed3-0ff6aaa4b468@github.com>

> Migrates `test/jdk/com/sun/net/httpserver/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.

Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:

 - Merge remote-tracking branch 'upstream/master' into simpleSslHs
 - Move `SSLContext::setDefault` to static blocks
 - Restore `test/jdk/com/sun/net/httpserver/` changes
 - Make sure `get()` returns the same instance
 - Reverted all changes and only kept `SimpleSSLContext` enhancements
 - Overhaul `SimpleSSLContext` and its usages

-------------

Changes: https://git.openjdk.org/jdk/pull/28800/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28800&range=02
  Stats: 52 lines in 15 files changed: 9 ins; 22 del; 21 mod
  Patch: https://git.openjdk.org/jdk/pull/28800.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28800/head:pull/28800

PR: https://git.openjdk.org/jdk/pull/28800

From vyazici at openjdk.org  Thu Dec 18 13:55:30 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Thu, 18 Dec 2025 13:55:30 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods [v3]
In-Reply-To: <jQfz-mbbexuGkSM-xR3DZC43L3fDZJOHXanq0drVLrw=.807922d0-e56e-4eab-b9c5-5cc08e133a6c@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
 <jQfz-mbbexuGkSM-xR3DZC43L3fDZJOHXanq0drVLrw=.807922d0-e56e-4eab-b9c5-5cc08e133a6c@github.com>
Message-ID: <memIgoUX_TeytaIZ80vzA7GD1ghsJAr4zdy3G7CMaRo=.1fefd7b3-32ff-480c-a54c-29bffeb44ff6@github.com>

On Mon, 15 Dec 2025 09:55:09 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:

>> Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:
>> 
>>  - Merge remote-tracking branch 'upstream/master' into simpleSslHs
>>  - Move `SSLContext::setDefault` to static blocks
>>  - Restore `test/jdk/com/sun/net/httpserver/` changes
>>  - Make sure `get()` returns the same instance
>>  - Reverted all changes and only kept `SimpleSSLContext` enhancements
>>  - Overhaul `SimpleSSLContext` and its usages
>
> test/jdk/com/sun/net/httpserver/HttpsParametersClientAuthTest.java line 172:
> 
>> 170:         // by the server
>> 171:         final SSLContext serverSSLCtx = new SimpleSSLContext().get();
>> 172:         assertNotNull(serverSSLCtx, "could not create SSLContext");
> 
> Minor: Do you think this might still happen? What do you think about adding this as a part of the first run test in case the initialisation fails? Just for debugging convenience

I will try adding a test that ensures `SimpleSSLContext` factory methods don't return null in [JDK-8373538].

[JDK-8373538]: https://bugs.openjdk.org/browse/JDK-8373538

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28800#discussion_r2631190873

From aefimov at openjdk.org  Thu Dec 18 14:14:50 2025
From: aefimov at openjdk.org (Aleksei Efimov)
Date: Thu, 18 Dec 2025 14:14:50 GMT
Subject: RFR: 8373808: Refactor java/net/httpclient qpack and hpack tests to
 use JUnit
Message-ID: <z7MliFjr8UT6V0NZLecpIoD8hRKRjyo1FaeHN9RPJ9I=.823d7071-1781-4471-97e8-9fd7cc962544@github.com>

The change below refactors QPack and HPack HttpClient tests to use the JUnit test framework instead of the TestNG one.
No failures of the modified tests seen with:
`make test TEST=open/test/jdk/java/net/httpclient/http2/Hpack*\ open/test/jdk/java/net/httpclient/qpack`

Test-framework stats after the modification:
QPack tests:
 `Framework-based tests: 2,385 = 0 TestNG + 2,385 JUnit`
HPack tests:
  `Framework-based tests: 108 = 0 TestNG + 108 JUnit`

-------------

Commit messages:
 - fix formatting
 - Merge branch 'master' into JDK-8373808_refactor_hqpack_junit
 - 8373808: Refactor java/net/httpclient qpack and hpack tests to use JUnit

Changes: https://git.openjdk.org/jdk/pull/28900/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28900&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373808
  Stats: 497 lines in 31 files changed: 99 ins; 70 del; 328 mod
  Patch: https://git.openjdk.org/jdk/pull/28900.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28900/head:pull/28900

PR: https://git.openjdk.org/jdk/pull/28900

From jpai at openjdk.org  Thu Dec 18 15:11:38 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 18 Dec 2025 15:11:38 GMT
Subject: RFR: 8373704: Improve
 "SocketException: Protocol family unavailable" message
In-Reply-To: <ZPS8yD-n8Y9YhT5OEfxW636qLx5LRIILMxrb-2Yz5fc=.4121acc4-895a-410f-bd42-8ee4e58699f8@github.com>
References: <ZPS8yD-n8Y9YhT5OEfxW636qLx5LRIILMxrb-2Yz5fc=.4121acc4-895a-410f-bd42-8ee4e58699f8@github.com>
Message-ID: <Evr8oJQ7aflATAJ1lj2JJLnyE7X0V2PIjXSjWdEixwM=.ddda26aa-4f75-4718-ba5c-070c0686de04@github.com>

On Tue, 16 Dec 2025 15:18:11 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

> In [JDK-8373676](https://bugs.openjdk.org/browse/JDK-8373676)
> we noticed a "SocketException: Protocol family unavailable" because of missing ipv6 support. We could improve this exception and tell that the ipv6 support is not available or something related.

src/java.base/unix/native/libnet/net_util_md.c line 285:

> 283:         jint address;
> 284:         if (family != java_net_InetAddress_IPv4) {
> 285:             JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException", "Protocol family ipv6, but ipv6 on machine unavailable");

Hello Matthias, just a drive-by comment. I haven't yet paid close attention to this proposal. If we are going to change this message, then perhaps just change it to `IPv6 protocol family unavailable`. 

Looking at the implementation of `ipv6_available()`, for it to return `false` and thus to throw this exception, either IPv6 isn't supported on that host or the `-Djava.net.preferIPv4Stack=true` system property is set. So I think it's better to leave out the IPv6 not available on machine part.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28851#discussion_r2631466333

From duke at openjdk.org  Thu Dec 18 15:47:09 2025
From: duke at openjdk.org (EunHyunsu)
Date: Thu, 18 Dec 2025 15:47:09 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <rHzyoFUcOEzP0BCXl_yW8Qtk5Dsr-DPt6s7SvNF9-v0=.ccdffa48-cda2-4ed6-8664-1d8bd498da58@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <wYgpM_9x8dc39fN_gBc84DuyINPd1Rso08uQyNFoJrM=.fcabb205-3e56-4316-a44a-bd79d1ca006d@github.com>
 <fT7LeciPDYuFtDJaxTb24dCSgYtuydnYTYXPajr2-TA=.6b748eb1-39b5-4421-b3ae-f54228c4e857@github.com>
 <KV_0ODWEkUTzLDoJDRvd6e7pAIT1k6yq9Z3OiPCFSnY=.8bfd5ece-79c7-4b19-b0f4-1ac6ca9093ea@github.com>
 <rHzyoFUcOEzP0BCXl_yW8Qtk5Dsr-DPt6s7SvNF9-v0=.ccdffa48-cda2-4ed6-8664-1d8bd498da58@github.com>
Message-ID: <Kw0bvH0DkWJPrgeRjgwoz_kt7CcBzJ2xH1OA19TAG3c=.1cf5e07f-edd7-47d9-b695-7bf33afceae2@github.com>

On Tue, 16 Dec 2025 10:27:57 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> @jaikiran I ran jdk_net tests locally. Results: 1047 passed, 1 failed.
>> 
>>   The failed test is `HTTPSetAuthenticatorTest` (HTTP/1.1 Authenticator test) with `SocketException: Connection reset`, which appears to be a flaky test unrelated to this PR's HTTP/2 GOAWAY changes. All HTTP/2 related tests passed successfully.
>
> Hello @ehs208, I'm investigating a intermittent test failure of the newly added test in our CI. I think the test will need a few adjustments. I haven't had a chance to go over the failure in its entirety. I will add some details here when I am done looking at that failure.

@jaikiran Hello, Just checking in on the intermittent test failure investigation. No rush, just wanted to see if there's any update or if there's anything I can help with. Thanks

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3670913741

From jpai at openjdk.org  Thu Dec 18 16:01:54 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Thu, 18 Dec 2025 16:01:54 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v7]
In-Reply-To: <Kw0bvH0DkWJPrgeRjgwoz_kt7CcBzJ2xH1OA19TAG3c=.1cf5e07f-edd7-47d9-b695-7bf33afceae2@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <UAktsODi78ZRUfYMGq1aJZviL169mnN61Q2oyeJyBtc=.665d4579-e086-4179-9cfe-96288014da07@github.com>
 <wYgpM_9x8dc39fN_gBc84DuyINPd1Rso08uQyNFoJrM=.fcabb205-3e56-4316-a44a-bd79d1ca006d@github.com>
 <fT7LeciPDYuFtDJaxTb24dCSgYtuydnYTYXPajr2-TA=.6b748eb1-39b5-4421-b3ae-f54228c4e857@github.com>
 <KV_0ODWEkUTzLDoJDRvd6e7pAIT1k6yq9Z3OiPCFSnY=.8bfd5ece-79c7-4b19-b0f4-1ac6ca9093ea@github.com>
 <rHzyoFUcOEzP0BCXl_yW8Qtk5Dsr-DPt6s7SvNF9-v0=.ccdffa48-cda2-4ed6-8664-1d8bd498da58@github.com>
 <Kw0bvH0DkWJPrgeRjgwoz_kt7CcBzJ2xH1OA19TAG3c=.1cf5e07f-edd7-47d9-b695-7bf33afceae2@github.com>
Message-ID: <C6YzdsqlmHpX_UUnzbj6BWe5M3pdaeqpduq7b8gcqi0=.8db66d77-456d-404b-8cb2-3a17ccb31a80@github.com>

On Thu, 18 Dec 2025 15:43:49 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> Hello @ehs208, I'm investigating a intermittent test failure of the newly added test in our CI. I think the test will need a few adjustments. I haven't had a chance to go over the failure in its entirety. I will add some details here when I am done looking at that failure.
>
> @jaikiran Hello, Just checking in on the intermittent test failure investigation. No rush, just wanted to see if there's any update or if there's anything I can help with. Thanks

Hello @ehs208, I'm still looking into it (with help from Daniel too), but mostly it's blocked on me. I will need some more time to get back to this, please. It's still on my priority list and I should have something soon.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3670975737

From mbaesken at openjdk.org  Thu Dec 18 16:39:06 2025
From: mbaesken at openjdk.org (Matthias Baesken)
Date: Thu, 18 Dec 2025 16:39:06 GMT
Subject: RFR: 8373704: Improve
 "SocketException: Protocol family unavailable" message [v2]
In-Reply-To: <ZPS8yD-n8Y9YhT5OEfxW636qLx5LRIILMxrb-2Yz5fc=.4121acc4-895a-410f-bd42-8ee4e58699f8@github.com>
References: <ZPS8yD-n8Y9YhT5OEfxW636qLx5LRIILMxrb-2Yz5fc=.4121acc4-895a-410f-bd42-8ee4e58699f8@github.com>
Message-ID: <jm8ra-AgLByXm9yLgaKItj8HZBMWixYi7JhubdAWUDM=.ec78681e-d484-458c-bb1a-434261c2623f@github.com>

> In [JDK-8373676](https://bugs.openjdk.org/browse/JDK-8373676)
> we noticed a "SocketException: Protocol family unavailable" because of missing ipv6 support. We could improve this exception and tell that the ipv6 support is not available or something related.

Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:

  Adjust the message as suggested by jaikiran

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28851/files
  - new: https://git.openjdk.org/jdk/pull/28851/files/ca4952cd..efaa1512

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28851&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28851&range=00-01

  Stats: 2 lines in 2 files changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28851.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28851/head:pull/28851

PR: https://git.openjdk.org/jdk/pull/28851

From djelinski at openjdk.org  Thu Dec 18 16:42:31 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Thu, 18 Dec 2025 16:42:31 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v8]
In-Reply-To: <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>
Message-ID: <0rPv_nMbKJweQrjzcsyCE5rkA0D46_f6_kqpe27kgiE=.5e900d3a-489d-4d41-9678-5ca25a9af5d4@github.com>

On Sat, 13 Dec 2025 05:18:57 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Address code review feedback

Occasionally more than one request fails with the GOAWAY exception. I suppose this might be because of a race between the thread that iterates over the list of streams, and another thread adding new streams to the list; the newly added streams may be missed by the iterator, and then are subsequently closed with the connection's termination cause. I only observed the failure 3 times in 2500 repeats.

The exception itself is not visible in the test output; printStackTrace helps a lot in diagnosing test failures, could you add it?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3671151592

From duke at openjdk.org  Thu Dec 18 18:05:37 2025
From: duke at openjdk.org (EunHyunsu)
Date: Thu, 18 Dec 2025 18:05:37 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v9]
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <QGwA9-vvCNl-fnvUO77bEfv-Tcs14NtIpf-K9wE3Y-o=.985f331f-e352-445c-b329-5a6ebc10201f@github.com>

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:

  8371903: Add printStackTrace() to GoAwayWithErrorTest

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28632/files
  - new: https://git.openjdk.org/jdk/pull/28632/files/566dfe23..574efae4

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=08
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=07-08

  Stats: 1 line in 1 file changed: 1 ins; 0 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From duke at openjdk.org  Thu Dec 18 18:19:58 2025
From: duke at openjdk.org (EunHyunsu)
Date: Thu, 18 Dec 2025 18:19:58 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v8]
In-Reply-To: <0rPv_nMbKJweQrjzcsyCE5rkA0D46_f6_kqpe27kgiE=.5e900d3a-489d-4d41-9678-5ca25a9af5d4@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>
 <0rPv_nMbKJweQrjzcsyCE5rkA0D46_f6_kqpe27kgiE=.5e900d3a-489d-4d41-9678-5ca25a9af5d4@github.com>
Message-ID: <GIbUgShV_myk8b-Zmkp_sUdpMFc7_VaBme7qdipw0wc=.49772db5-f531-449c-a9c1-57c63cdc1718@github.com>

On Thu, 18 Dec 2025 16:39:12 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8371903: Address code review feedback
>
> Occasionally more than one request fails with the GOAWAY exception. I suppose this might be because of a race between the thread that iterates over the list of streams, and another thread adding new streams to the list; the newly added streams may be missed by the iterator, and then are subsequently closed with the connection's termination cause. I only observed the failure 3 times in 2500 repeats.
> 
> The exception itself is not visible in the test output; printStackTrace helps a lot in diagnosing test failures, could you add it?

Thank you @djelinski for finding this. I've added `e.printStackTrace()` to make the exception visible in test output.

If I understand correctly, the issue might be a race between `streams.forEach()` in `handleGoAwayWithError()` and other threads adding new streams. If streams 3 and 5 get added while forEach is running (or just after it finishes), they would miss the `closeAsUnprocessed()` call and get closed with the GOAWAY cause instead. Is that the scenario you're thinking of?

The printStackTrace should help confirm what's actually happening. Let me know if there's anything else I should add.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3671535706

From michaelm at openjdk.org  Thu Dec 18 21:15:42 2025
From: michaelm at openjdk.org (Michael McMahon)
Date: Thu, 18 Dec 2025 21:15:42 GMT
Subject: RFR: 8373893: Refactor networking http server tests
Message-ID: <lkqASAC3cpZg1_vWCnrUodZDX9LoEwN0vcs-T9CP3EY=.63ae489b-b7b7-4773-9a6b-39da13c6863d@github.com>

Hi,

This is an update to the httpserver networking tests to change the usage of testng to junit.

Thanks,
Michael

-------------

Commit messages:
 - copyright update
 - output from tool modified for a few files

Changes: https://git.openjdk.org/jdk/pull/28908/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28908&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373893
  Stats: 1063 lines in 31 files changed: 252 ins; 169 del; 642 mod
  Patch: https://git.openjdk.org/jdk/pull/28908.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28908/head:pull/28908

PR: https://git.openjdk.org/jdk/pull/28908

From jpai at openjdk.org  Fri Dec 19 07:02:06 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Fri, 19 Dec 2025 07:02:06 GMT
Subject: RFR: 8374082: net_util.c should use logical && when setting
 IPv6_available
Message-ID: <N8n_5KYOyTra4Fwjvknn0ZF-g3YGHzEX3GxFBFa7CIU=.2696ced7-7f93-4cb0-b0de-e260fcbb63ac@github.com>

Can I please get a review of this change which replaces the use of `&` with `&&` in net_util.c?

As noted in https://bugs.openjdk.org/browse/JDK-8374082, the use of bitwise operator appears to be an oversight in that code.

tier1, tier2 testing passed without any issues after this change.

-------------

Commit messages:
 - use && instead of &

Changes: https://git.openjdk.org/jdk/pull/28918/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28918&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8374082
  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/28918.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28918/head:pull/28918

PR: https://git.openjdk.org/jdk/pull/28918

From alanb at openjdk.org  Fri Dec 19 07:16:50 2025
From: alanb at openjdk.org (Alan Bateman)
Date: Fri, 19 Dec 2025 07:16:50 GMT
Subject: RFR: 8374082: net_util.c should use logical && when setting
 IPv6_available
In-Reply-To: <N8n_5KYOyTra4Fwjvknn0ZF-g3YGHzEX3GxFBFa7CIU=.2696ced7-7f93-4cb0-b0de-e260fcbb63ac@github.com>
References: <N8n_5KYOyTra4Fwjvknn0ZF-g3YGHzEX3GxFBFa7CIU=.2696ced7-7f93-4cb0-b0de-e260fcbb63ac@github.com>
Message-ID: <XdFRJIxQgiEt2qSComQgCkUnrLTknZOt4lRjb635pbs=.3d57161d-9543-458b-9def-1667323fd13c@github.com>

On Fri, 19 Dec 2025 06:56:15 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

> Can I please get a review of this change which replaces the use of `&` with `&&` in net_util.c?
> 
> As noted in https://bugs.openjdk.org/browse/JDK-8374082, the use of bitwise operator appears to be an oversight in that code.
> 
> tier1, tier2 testing passed without any issues after this change.

Marked as reviewed by alanb (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28918#pullrequestreview-3597274938

From djelinski at openjdk.org  Fri Dec 19 08:28:58 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Fri, 19 Dec 2025 08:28:58 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v8]
In-Reply-To: <GIbUgShV_myk8b-Zmkp_sUdpMFc7_VaBme7qdipw0wc=.49772db5-f531-449c-a9c1-57c63cdc1718@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>
 <0rPv_nMbKJweQrjzcsyCE5rkA0D46_f6_kqpe27kgiE=.5e900d3a-489d-4d41-9678-5ca25a9af5d4@github.com>
 <GIbUgShV_myk8b-Zmkp_sUdpMFc7_VaBme7qdipw0wc=.49772db5-f531-449c-a9c1-57c63cdc1718@github.com>
Message-ID: <EBotQISlG25kFEenSGoYtVL4Teyz84x_k7mt_muzZ9M=.a86ef921-380b-4191-81b2-b37cbfd428b2@github.com>

On Thu, 18 Dec 2025 18:16:50 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> Occasionally more than one request fails with the GOAWAY exception. I suppose this might be because of a race between the thread that iterates over the list of streams, and another thread adding new streams to the list; the newly added streams may be missed by the iterator, and then are subsequently closed with the connection's termination cause. I only observed the failure 3 times in 2500 repeats.
>> 
>> The exception itself is not visible in the test output; printStackTrace helps a lot in diagnosing test failures, could you add it?
>
> Thank you @djelinski for finding this. I've added `e.printStackTrace()` to make the exception visible in test output.
> 
> If I understand correctly, the issue might be a race between `streams.forEach()` in `handleGoAwayWithError()` and other threads adding new streams. If streams 3 and 5 get added while forEach is running (or just after it finishes), they would miss the `closeAsUnprocessed()` call and get closed with the GOAWAY cause instead. Is that the scenario you're thinking of?
> 
> The printStackTrace should help confirm what's actually happening. Let me know if there's anything else I should add.

Thanks @ehs208 for making the change. That's exactly the scenario I had in mind.

I observed 2 cases where the second failure had the same stack trace as the original one, and one case where the second failure had this stack trace:

java.util.concurrent.CompletionException: java.net.ProtocolException: Received GOAWAY with error code Protocol error (0x1): Test GOAWAY error from server
	at java.base/java.util.concurrent.CompletableFuture.wrapInCompletionException(CompletableFuture.java:323)
	at java.base/java.util.concurrent.CompletableFuture.encodeRelay(CompletableFuture.java:412)
	at java.base/java.util.concurrent.CompletableFuture.completeRelay(CompletableFuture.java:421)
	at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1173)
	at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:531)
	at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1794)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1090)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:614)
	at java.base/java.lang.Thread.run(Thread.java:1516)
Caused by: java.net.ProtocolException: Received GOAWAY with error code Protocol error (0x1): Test GOAWAY error from server
	at java.net.http/jdk.internal.net.http.Http2TerminationCause$ProtocolError.<init>(Http2TerminationCause.java:247)
	at java.net.http/jdk.internal.net.http.Http2TerminationCause$ProtocolError.<init>(Http2TerminationCause.java:241)
	at java.net.http/jdk.internal.net.http.Http2TerminationCause.forH2Error(Http2TerminationCause.java:159)
	at java.net.http/jdk.internal.net.http.Http2Connection.handleGoAwayWithError(Http2Connection.java:1463)
	<the remainder of the stack trace is the same as the original exception>

It would be good to avoid these exceptions, and mark the relevant exchanges as unprocessed too.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3674074748

From duke at openjdk.org  Fri Dec 19 08:43:03 2025
From: duke at openjdk.org (EunHyunsu)
Date: Fri, 19 Dec 2025 08:43:03 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v8]
In-Reply-To: <EBotQISlG25kFEenSGoYtVL4Teyz84x_k7mt_muzZ9M=.a86ef921-380b-4191-81b2-b37cbfd428b2@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <k011X7ji_z8YFQd1_4UMZ9fE7HOdCHEADSwdH2J4w_A=.88c96147-ee34-40d6-8fa8-5a3cdf6d8a44@github.com>
 <0rPv_nMbKJweQrjzcsyCE5rkA0D46_f6_kqpe27kgiE=.5e900d3a-489d-4d41-9678-5ca25a9af5d4@github.com>
 <GIbUgShV_myk8b-Zmkp_sUdpMFc7_VaBme7qdipw0wc=.49772db5-f531-449c-a9c1-57c63cdc1718@github.com>
 <EBotQISlG25kFEenSGoYtVL4Teyz84x_k7mt_muzZ9M=.a86ef921-380b-4191-81b2-b37cbfd428b2@github.com>
Message-ID: <iEICrtovsJSzRJfFmZ1OaFzdzc2N6PcowzdfALxOHaQ=.4e4cf411-f8fc-4e83-849d-b6cc98e63f48@github.com>

On Fri, 19 Dec 2025 08:25:47 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> Thank you @djelinski for finding this. I've added `e.printStackTrace()` to make the exception visible in test output.
>> 
>> If I understand correctly, the issue might be a race between `streams.forEach()` in `handleGoAwayWithError()` and other threads adding new streams. If streams 3 and 5 get added while forEach is running (or just after it finishes), they would miss the `closeAsUnprocessed()` call and get closed with the GOAWAY cause instead. Is that the scenario you're thinking of?
>> 
>> The printStackTrace should help confirm what's actually happening. Let me know if there's anything else I should add.
>
> Thanks @ehs208 for making the change. That's exactly the scenario I had in mind.
> 
> I observed 2 cases where the second failure had the same stack trace as the original one, and one case where the second failure had this stack trace:
> 
> java.util.concurrent.CompletionException: java.net.ProtocolException: Received GOAWAY with error code Protocol error (0x1): Test GOAWAY error from server
> 	at java.base/java.util.concurrent.CompletableFuture.wrapInCompletionException(CompletableFuture.java:323)
> 	at java.base/java.util.concurrent.CompletableFuture.encodeRelay(CompletableFuture.java:412)
> 	at java.base/java.util.concurrent.CompletableFuture.completeRelay(CompletableFuture.java:421)
> 	at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1173)
> 	at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:531)
> 	at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1794)
> 	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1090)
> 	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:614)
> 	at java.base/java.lang.Thread.run(Thread.java:1516)
> Caused by: java.net.ProtocolException: Received GOAWAY with error code Protocol error (0x1): Test GOAWAY error from server
> 	at java.net.http/jdk.internal.net.http.Http2TerminationCause$ProtocolError.<init>(Http2TerminationCause.java:247)
> 	at java.net.http/jdk.internal.net.http.Http2TerminationCause$ProtocolError.<init>(Http2TerminationCause.java:241)
> 	at java.net.http/jdk.internal.net.http.Http2TerminationCause.forH2Error(Http2TerminationCause.java:159)
> 	at java.net.http/jdk.internal.net.http.Http2Connection.handleGoAwayWithError(Http2Connection.java:1463)
> 	<the remainder of the stack trace is the same as the original exception>
> 
> It would be good to avoid these exceptions, and mark the relevant exchanges as unprocessed too.

@djelinski  Thanks for confirming the issue and providing the stack trace. That matches what I was thinking.

  Looking at this, it seems like the root cause is that new streams can be added to a connection that's already processing GOAWAY. I'm wondering what the best approach to fix this would be.

  **Option 1: Prevent new streams after GOAWAY**

  The cleanest solution might be to prevent new streams from being added to the connection once GOAWAY processing starts:

  ```java
  private void handleGoAwayWithError(final GoAwayFrame frame,
                                     final long lastProcessedStream,
                                     final int errorCode) {
      // ... error message construction ...

      final Http2TerminationCause cause = Http2TerminationCause.forH2Error(errorCode, errorMsg);

      // Mark connection as closing to reject new stream attempts
      // (New requests would automatically use a new connection)
      markAsClosing();  // or similar mechanism

      final AtomicInteger numUnprocessed = new AtomicInteger();

      streams.forEach((id, stream) -> {
          if (id > lastProcessedStream) {
              stream.closeAsUnprocessed();
              numUnprocessed.incrementAndGet();
          }
      });

      // ... debug logging ...

      close(cause);
  }


  Option 2: Defensive forEach
  Alternatively, we could check for late-arriving streams:


  streams.forEach((id, stream) -> {
      if (id > lastProcessedStream) {
          stream.closeAsUnprocessed();
          numUnprocessed.incrementAndGet();
      }
  });

  // Check again for streams that were added during the forEach
  streams.forEach((id, stream) -> {
      if (id > lastProcessedStream) {
          stream.closeAsUnprocessed();
      }
  });

  close(cause);


  The first approach seems cleaner since it addresses the root cause - streams shouldn't be added to a connection that's already closing. But I'm not sure if there are other considerations I'm missing. What do you think would be the right approach here?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3674116727

From djelinski at openjdk.org  Fri Dec 19 09:18:04 2025
From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=)
Date: Fri, 19 Dec 2025 09:18:04 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v9]
In-Reply-To: <QGwA9-vvCNl-fnvUO77bEfv-Tcs14NtIpf-K9wE3Y-o=.985f331f-e352-445c-b329-5a6ebc10201f@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <QGwA9-vvCNl-fnvUO77bEfv-Tcs14NtIpf-K9wE3Y-o=.985f331f-e352-445c-b329-5a6ebc10201f@github.com>
Message-ID: <5KDLe0R6M28_8kMJTJACkzI_-cruIr2a8ObsT3IWfqo=.f769f3be-47d8-4571-b9ca-1546cd5e01ed@github.com>

On Thu, 18 Dec 2025 18:05:37 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Problem
>> 
>>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
>> 
>>   ### Solution
>> 
>>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
>> 
>>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>>   2. **Preserves** error code and debug data in exception messages
>>   3. **Categorizes** streams based on `lastStreamId`:
>>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
>> 
>>   ### Changes
>> 
>>   **Core Implementation** (`Http2Connection.java`):
>>   - Modified `handleGoAway()` to check error code and route appropriately
>>   - Added `handleGoAwayWithError()` method that:
>>     - Extracts error code and debug data from GOAWAY frame
>>     - Creates meaningful error messages with error name, hex code, and debug data
>>     - Properly categorizes streams for retry or failure
>> 
>>   **Test Infrastructure**:
>>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>>   - `GoAwayWithErrorTest`: Verifies proper error propagation
>> 
>>   ### Example
>> 
>>   **Before:**
>>   IOException: Connection closed by peer
>> 
>>   **After:**
>>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
>> 
>>   ### Testing
>> 
>>   - New `GoAwayWithErrorTest` passes
>>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>>   - Backward compatible (no public API changes)
>
> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8371903: Add printStackTrace() to GoAwayWithErrorTest

Option 1: we already do that [here](https://github.com/openjdk/jdk/blob/574efae488865a22d551b834ee82e5dcd8b31022/src/java.net.http/share/classes/jdk/internal/net/http/Http2Connection.java#L1388); once finalStream is set, the connection will not accept more streams. But there's a short window after the stream is accepted, but before it's added to the map.
Option 2 won't work either. For all we know, the other thread might not be actively running on the CPU, so the second forEach would not be enough.

We need to cooperate with the other thread that adds the stream to the map; maybe we could put stateLock around `streams.forEach` and `close`, assuming it won't deadlock anywhere.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3674235247

From jpai at openjdk.org  Fri Dec 19 09:30:41 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Fri, 19 Dec 2025 09:30:41 GMT
Subject: RFR: 8374082: net_util.c should use logical && when setting
 IPv6_available
In-Reply-To: <N8n_5KYOyTra4Fwjvknn0ZF-g3YGHzEX3GxFBFa7CIU=.2696ced7-7f93-4cb0-b0de-e260fcbb63ac@github.com>
References: <N8n_5KYOyTra4Fwjvknn0ZF-g3YGHzEX3GxFBFa7CIU=.2696ced7-7f93-4cb0-b0de-e260fcbb63ac@github.com>
Message-ID: <QU2ESkpJpCJONgrRuriXUvEr1sZw8BBF55xryE4uGO4=.fd0df715-bda7-457b-9942-6d9831701a26@github.com>

On Fri, 19 Dec 2025 06:56:15 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

> Can I please get a review of this change which replaces the use of `&` with `&&` in net_util.c?
> 
> As noted in https://bugs.openjdk.org/browse/JDK-8374082, the use of bitwise operator appears to be an oversight in that code.
> 
> tier1, tier2 testing passed without any issues after this change.

Thank you Alan for the review. tier1, tier2 and tier3 continue to pass with this change and since this is a trivial change, I'll go ahead with the integration.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28918#issuecomment-3674274947

From jpai at openjdk.org  Fri Dec 19 09:34:57 2025
From: jpai at openjdk.org (Jaikiran Pai)
Date: Fri, 19 Dec 2025 09:34:57 GMT
Subject: Integrated: 8374082: net_util.c should use logical && when setting
 IPv6_available
In-Reply-To: <N8n_5KYOyTra4Fwjvknn0ZF-g3YGHzEX3GxFBFa7CIU=.2696ced7-7f93-4cb0-b0de-e260fcbb63ac@github.com>
References: <N8n_5KYOyTra4Fwjvknn0ZF-g3YGHzEX3GxFBFa7CIU=.2696ced7-7f93-4cb0-b0de-e260fcbb63ac@github.com>
Message-ID: <lEl4NoBEsVlbMziE4WxslVpYxuNfecIDk0Z4siV24_8=.0f23daa6-143b-4384-93be-134f3aa85d6a@github.com>

On Fri, 19 Dec 2025 06:56:15 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

> Can I please get a review of this change which replaces the use of `&` with `&&` in net_util.c?
> 
> As noted in https://bugs.openjdk.org/browse/JDK-8374082, the use of bitwise operator appears to be an oversight in that code.
> 
> tier1, tier2 testing passed without any issues after this change.

This pull request has now been integrated.

Changeset: 45cf0420
Author:    Jaikiran Pai <jpai at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/45cf042099aa64a94574d21cce0bdde215abf07b
Stats:     1 line in 1 file changed: 0 ins; 0 del; 1 mod

8374082: net_util.c should use logical && when setting IPv6_available

Reviewed-by: alanb

-------------

PR: https://git.openjdk.org/jdk/pull/28918

From duke at openjdk.org  Fri Dec 19 12:11:11 2025
From: duke at openjdk.org (EunHyunsu)
Date: Fri, 19 Dec 2025 12:11:11 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v10]
In-Reply-To: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
Message-ID: <Y_prH67VHpyVqsMDOOwBtoNfKMLRvD6wc9Y-mfDYoYk=.cec86ae6-cb3a-46ac-8258-ac8b290c4652@github.com>

> ### Problem
> 
>   When the HTTP/2 client receives a GOAWAY frame with a non-zero error code, the current implementation discards both the error code and debug data. Users only see generic "Connection closed by peer" errors without any information about why the server terminated the connection.
> 
>   ### Solution
> 
>   Per [RFC 9113 ?5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#section-5.4.1), a GOAWAY frame with a non-zero error code indicates a connection error requiring immediate closure. This fix:
> 
>   1. **Distinguishes** graceful shutdown (NO_ERROR) from connection errors
>   2. **Preserves** error code and debug data in exception messages
>   3. **Categorizes** streams based on `lastStreamId`:
>      - Streams with ID > `lastStreamId`: Marked as unprocessed for automatic retry
>      - Streams with ID ? `lastStreamId`: Failed with detailed error information
> 
>   ### Changes
> 
>   **Core Implementation** (`Http2Connection.java`):
>   - Modified `handleGoAway()` to check error code and route appropriately
>   - Added `handleGoAwayWithError()` method that:
>     - Extracts error code and debug data from GOAWAY frame
>     - Creates meaningful error messages with error name, hex code, and debug data
>     - Properly categorizes streams for retry or failure
> 
>   **Test Infrastructure**:
>   - `Http2TestServerConnection.sendGoAway(int, int, byte[])`: Supports custom error codes
>   - `Http2TestExchangeImpl.getServerConnection()`: Accessor for test handlers
>   - `GoAwayWithErrorTest`: Verifies proper error propagation
> 
>   ### Example
> 
>   **Before:**
>   IOException: Connection closed by peer
> 
>   **After:**
>   IOException: Received GOAWAY with error code Protocol error (0x1): Invalid HEADERS frame
> 
>   ### Testing
> 
>   - New `GoAwayWithErrorTest` passes
>   - Existing HTTP/2 tests unaffected (NO_ERROR path unchanged)
>   - Backward compatible (no public API changes)

EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:

  8371903: Use stateLock to synchronize stream iteration and connection closure

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28632/files
  - new: https://git.openjdk.org/jdk/pull/28632/files/574efae4..af092399

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=09
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28632&range=08-09

  Stats: 18 lines in 1 file changed: 8 ins; 3 del; 7 mod
  Patch: https://git.openjdk.org/jdk/pull/28632.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28632/head:pull/28632

PR: https://git.openjdk.org/jdk/pull/28632

From duke at openjdk.org  Fri Dec 19 12:11:13 2025
From: duke at openjdk.org (EunHyunsu)
Date: Fri, 19 Dec 2025 12:11:13 GMT
Subject: RFR: 8371903: HttpClient: improve handling of HTTP/2 GOAWAY frames
 with error code [v9]
In-Reply-To: <5KDLe0R6M28_8kMJTJACkzI_-cruIr2a8ObsT3IWfqo=.f769f3be-47d8-4571-b9ca-1546cd5e01ed@github.com>
References: <E04reZHzsPSTntIds9JoDOtu9GMkTurgxN4uqXkVCWw=.7f41e52a-1e87-4557-b0e9-49dcd987cf4e@github.com>
 <QGwA9-vvCNl-fnvUO77bEfv-Tcs14NtIpf-K9wE3Y-o=.985f331f-e352-445c-b329-5a6ebc10201f@github.com>
 <5KDLe0R6M28_8kMJTJACkzI_-cruIr2a8ObsT3IWfqo=.f769f3be-47d8-4571-b9ca-1546cd5e01ed@github.com>
Message-ID: <gi7uCirKGQHIEth4FqDc04glQO2ulLk2n3SSj1coT1I=.e080fbac-100b-4ab0-8b8a-88fb99888016@github.com>

On Fri, 19 Dec 2025 09:15:31 GMT, Daniel Jeli?ski <djelinski at openjdk.org> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8371903: Add printStackTrace() to GoAwayWithErrorTest
>
> Option 1: we already do that [here](https://github.com/openjdk/jdk/blob/574efae488865a22d551b834ee82e5dcd8b31022/src/java.net.http/share/classes/jdk/internal/net/http/Http2Connection.java#L1388); once finalStream is set, the connection will not accept more streams. But there's a short window after the stream is accepted, but before it's added to the map.
> Option 2 won't work either. For all we know, the other thread might not be actively running on the CPU, so the second forEach would not be enough.
> 
> We need to cooperate with the other thread that adds the stream to the map; maybe we could put stateLock around `streams.forEach` and `close`, assuming it won't deadlock anywhere.

@djelinski   
 I've added `stateLock` around the `streams.forEach()` and `close()` in `handleGoAwayWithError()`.                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                               
This should prevent the race condition where streams get added to the map while forEach is running. Since `putStream()` already uses the same `stateLock`, any concurrent stream additions will now block until forEach and close() complete. 

The test passes locally, but I can't reproduce the intermittent failure (only happens 3/2500 times). Hopefully this fixes it.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
Just to confirm my understanding: the issue was that streams 3 and 5 could be added to the streams map during forEach execution, so they would miss the `closeAsUnprocessed()` call and get closed with the GOAWAY cause instead. By holding stateLock during forEach and close(), any concurrent `putStream()` calls will block until the connection is closed, at which point they'll fail the `isOpen()` check and the streams will automatically use a new connection. Is that correct?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28632#issuecomment-3674828661

From vyazici at openjdk.org  Fri Dec 19 13:01:50 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 19 Dec 2025 13:01:50 GMT
Subject: RFR: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods [v3]
In-Reply-To: <oZNJ4xCWG4K-qzeCwy7g-TmKqGxVBJu7lk0I7p2UT4Q=.90a14804-6458-41ad-808c-c3beb9a29296@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
 <GZ3zl_QB9oznu-2IAHwQBP5kJCMxUPCNR7VbOgl0ViA=.d3c0d18e-6d2f-4256-8dbe-75561af105bd@github.com>
 <oZNJ4xCWG4K-qzeCwy7g-TmKqGxVBJu7lk0I7p2UT4Q=.90a14804-6458-41ad-808c-c3beb9a29296@github.com>
Message-ID: <L-GEM5LnVt_HAkDF8lNSPzY-4YPCJ291tnpi0tkO1P4=.921d8182-49bc-4cfa-9f97-5cefd77ce9f0@github.com>

On Tue, 16 Dec 2025 10:33:11 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Volkan Yazici has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:
>> 
>>  - Merge remote-tracking branch 'upstream/master' into simpleSslHs
>>  - Move `SSLContext::setDefault` to static blocks
>>  - Restore `test/jdk/com/sun/net/httpserver/` changes
>>  - Make sure `get()` returns the same instance
>>  - Reverted all changes and only kept `SimpleSSLContext` enhancements
>>  - Overhaul `SimpleSSLContext` and its usages
>
> LGTM. Obviously don't integrate before [JDK-8372661](https://bugs.openjdk.org/browse/JDK-8372661).

@dfuch, thanks so much for the review.

- [JDK-8372661](https://bugs.openjdk.org/browse/JDK-8372661) is integrated
- `test/jdk/com/sun/net/httpserver/` tests pass on 49befaf6dc2

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28800#issuecomment-3674984247

From vyazici at openjdk.org  Fri Dec 19 13:01:52 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 19 Dec 2025 13:01:52 GMT
Subject: Integrated: 8373537: Migrate "test/jdk/com/sun/net/httpserver/" to
 null-safe "SimpleSSLContext" methods
In-Reply-To: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
References: <8xZroQZbEVXirYgCKhQfkPO5x1vUVQdHhIrokvijP2o=.569f7949-24c7-4d91-927a-fb56be1c542e@github.com>
Message-ID: <MpehPiKzmCtuudjFdvUl58z_QLULlpBNnlR7DoGXg_s=.56f727d8-10a8-408b-96af-e4e73bc36ff1@github.com>

On Fri, 12 Dec 2025 19:31:15 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> Migrates `test/jdk/com/sun/net/httpserver/` to null-safe `SimpleSSLContext` methods introduced in [JDK-8372661], which is a prerequisite for this change set.

This pull request has now been integrated.

Changeset: 14c93b2a
Author:    Volkan Yazici <vyazici at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/14c93b2afbf0135e872866c7f8468d9ce6df1e0d
Stats:     52 lines in 15 files changed: 9 ins; 22 del; 21 mod

8373537: Migrate "test/jdk/com/sun/net/httpserver/" to null-safe "SimpleSSLContext" methods

Reviewed-by: dfuchs

-------------

PR: https://git.openjdk.org/jdk/pull/28800

From vyazici at openjdk.org  Fri Dec 19 13:04:06 2025
From: vyazici at openjdk.org (Volkan Yazici)
Date: Fri, 19 Dec 2025 13:04:06 GMT
Subject: RFR: 8373538: Migrate all tests to null-safe "SimpleSSLContext"
 methods
Message-ID: <sCGLPJ2ukUUzfQpzoU0CIzVJBGaIJuJEgKFaJF_By5g=.1ca2a9a1-80c0-455a-a252-28753d80e5d0@github.com>

1. [JDK-8372661] introduced null-safe static factory methods to `SimpleSSLContext`
2. [JDK-8373515] migrated `test/jdk/java/net/httpclient/` to these new methods
3. [JDK-8373537] migrated `test/jdk/com/sun/net/httpserver/` to these new methods
4. This PR migrates all remaining `SimpleSSLContext` usages, *and* removes nullable `SimpleSSLContext` factory methods

[JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661
[JDK-8373515]: https://bugs.openjdk.org/browse/JDK-8373515
[JDK-8373537]: https://bugs.openjdk.org/browse/JDK-8373537

-------------

Commit messages:
 - Merge remote-tracking branch 'upstream/master' into simpleSslRest
 - Restore all non-`httpclient`, non-`httpserver` changes in `test/`
 - Make sure `get()` returns the same instance
 - Reverted all changes and only kept `SimpleSSLContext` enhancements
 - Overhaul `SimpleSSLContext` and its usages

Changes: https://git.openjdk.org/jdk/pull/28905/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28905&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8373538
  Stats: 63 lines in 11 files changed: 0 ins; 39 del; 24 mod
  Patch: https://git.openjdk.org/jdk/pull/28905.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28905/head:pull/28905

PR: https://git.openjdk.org/jdk/pull/28905

From myankelevich at openjdk.org  Fri Dec 19 15:55:31 2025
From: myankelevich at openjdk.org (Mikhail Yankelevich)
Date: Fri, 19 Dec 2025 15:55:31 GMT
Subject: RFR: 8373538: Migrate all tests to null-safe "SimpleSSLContext"
 methods
In-Reply-To: <sCGLPJ2ukUUzfQpzoU0CIzVJBGaIJuJEgKFaJF_By5g=.1ca2a9a1-80c0-455a-a252-28753d80e5d0@github.com>
References: <sCGLPJ2ukUUzfQpzoU0CIzVJBGaIJuJEgKFaJF_By5g=.1ca2a9a1-80c0-455a-a252-28753d80e5d0@github.com>
Message-ID: <d76AoszcizK3GR6jzZGe2QF2dEmagaij3KcEJvdfu5I=.a068611e-fd86-4eb1-b462-055e6b8a04fb@github.com>

On Thu, 18 Dec 2025 18:32:57 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:

> 1. [JDK-8372661] introduced null-safe static factory methods to `SimpleSSLContext`
> 2. [JDK-8373515] migrated `test/jdk/java/net/httpclient/` to these new methods
> 3. [JDK-8373537] migrated `test/jdk/com/sun/net/httpserver/` to these new methods
> 4. This PR migrates all remaining `SimpleSSLContext` usages, *and* removes nullable `SimpleSSLContext` factory methods
> 
> [JDK-8372661]: https://bugs.openjdk.org/browse/JDK-8372661
> [JDK-8373515]: https://bugs.openjdk.org/browse/JDK-8373515
> [JDK-8373537]: https://bugs.openjdk.org/browse/JDK-8373537

test/lib/jdk/test/lib/net/SimpleSSLContext.java line 30:

> 28: import java.util.*;
> 29: import java.io.*;
> 30: import java.security.*;

nit: Could you please convert wildcard imports?

test/lib/jdk/test/lib/net/SimpleSSLContext.java line 42:

> 40:     private static final String DEFAULT_KEY_STORE_FILE_REL_PATH = "jdk/test/lib/net/testkeys";
> 41: 
> 42:     private SimpleSSLContext() {}

Is there any particular reason for an empty constructor here? Can't you just remove it?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28905#discussion_r2635519481
PR Review Comment: https://git.openjdk.org/jdk/pull/28905#discussion_r2635516135