RFR: 8349910: Implement JEP 517: HTTP/3 for the HTTP Client API [v9]

Daniel Jeliński djelinski at openjdk.org
Thu Jun 26 17:44:48 UTC 2025


On Tue, 22 Apr 2025 16:21:30 GMT, Artur Barashev <abarashev at openjdk.org> wrote:

>> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 525 commits:
>> 
>>  - merge latest changes from master branch
>>  - http3: run H3StreamLimitReachedTest.java with -Djdk.httpclient.http3.maxStreamLimitTimeout=0 too
>>  - retry the ResetControlStream test as needed
>>  - http3: fix pending connection and reconnection on stream limit reached logic
>>  - http3: pending acknowledgement should be registered before actually sending the packet
>>  - http3: fix race with ping requests in PacketSpaceManager.java causing intermittent failures in H3ErrorHandlingTest.java
>>  - http3: improve exceptions in Http3ServerExchange.java
>>  - http3: fix exception handling in CancelRequestTest.java
>>  - http3: review feedback - revert HPACK.java
>>  - Implement X509TrustManagerImpl#checkClientTrusted for QUIC
>>  - ... and 515 more: https://git.openjdk.org/jdk/compare/5a1301df...0229c215
>
> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 221:
> 
>> 219:                             chc.peerSupportedAuthorities.clone(),
>> 220:                     engine);
>> 221:             // TODO should we have a method that can take QuicTLSEngine?
> 
> Yes, I think we should have a method for `QuicTLSEngine` in `X509KeyManagerImpl`. In that new method we should use session's `peerSupportedSignAlgs` to construct algorithm constraints the same way we do it for `SSLSocketImpl` and for `SSLEngineImpl`. This is per TLSv1.3 RFC:
> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3

Done in 1b75ef8b8579f4f8682bff28f40ed394401e8805

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169578294


More information about the net-dev mailing list