RFR: 8349910: Implement JEP 517: HTTP/3 for the HTTP Client API [v9]

Daniel Jeliński djelinski at openjdk.org
Thu Jun 26 17:38:44 UTC 2025


On Thu, 26 Jun 2025 16:57:53 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 525 commits:
>> 
>>  - merge latest changes from master branch
>>  - http3: run H3StreamLimitReachedTest.java with -Djdk.httpclient.http3.maxStreamLimitTimeout=0 too
>>  - retry the ResetControlStream test as needed
>>  - http3: fix pending connection and reconnection on stream limit reached logic
>>  - http3: pending acknowledgement should be registered before actually sending the packet
>>  - http3: fix race with ping requests in PacketSpaceManager.java causing intermittent failures in H3ErrorHandlingTest.java
>>  - http3: improve exceptions in Http3ServerExchange.java
>>  - http3: fix exception handling in CancelRequestTest.java
>>  - http3: review feedback - revert HPACK.java
>>  - Implement X509TrustManagerImpl#checkClientTrusted for QUIC
>>  - ... and 515 more: https://git.openjdk.org/jdk/compare/5a1301df...0229c215
>
> src/java.base/share/classes/jdk/internal/net/quic/QuicTLSContext.java line 70:
> 
>> 68:         if (!(underlyingImpl instanceof SSLContextImpl ssci)) {
>> 69:             return false;
>> 70:         }
> 
> Would there be a way to check the implementation of the X509TrustManager here too? Or can we only do that later on during the handshake?

that's what the `isUsableWithQuic` method below does.

> src/java.base/share/classes/jdk/internal/net/quic/QuicTLSContext.java line 126:
> 
>> 124:      *
>> 125:      * @param peerHost The peer hostname or IP address. Can be null.
>> 126:      * @param peerPort The peer port, can be -1 if the port is unknown
> 
> Would that be the hostname in the URI, or in the AltService?
> Maybe we could add an `@apiNote` here to clarify it.

Well the javadoc here was written to match the one on SSLContext#createSSLEngine. The peer information is used for caching, but it's also used in the SNI extension, so ideally users should use the URI address, not the alt service one.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169562950
PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169561558


More information about the net-dev mailing list