RFR: 8349910: Implement JEP 517: HTTP/3 for the HTTP Client API [v9]
Daniel Jeliński
djelinski at openjdk.org
Thu Jun 26 17:44:48 UTC 2025
On Tue, 22 Apr 2025 16:21:30 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 525 commits:
>>
>> - merge latest changes from master branch
>> - http3: run H3StreamLimitReachedTest.java with -Djdk.httpclient.http3.maxStreamLimitTimeout=0 too
>> - retry the ResetControlStream test as needed
>> - http3: fix pending connection and reconnection on stream limit reached logic
>> - http3: pending acknowledgement should be registered before actually sending the packet
>> - http3: fix race with ping requests in PacketSpaceManager.java causing intermittent failures in H3ErrorHandlingTest.java
>> - http3: improve exceptions in Http3ServerExchange.java
>> - http3: fix exception handling in CancelRequestTest.java
>> - http3: review feedback - revert HPACK.java
>> - Implement X509TrustManagerImpl#checkClientTrusted for QUIC
>> - ... and 515 more: https://git.openjdk.org/jdk/compare/5a1301df...0229c215
>
> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 221:
>
>> 219: chc.peerSupportedAuthorities.clone(),
>> 220: engine);
>> 221: // TODO should we have a method that can take QuicTLSEngine?
>
> Yes, I think we should have a method for `QuicTLSEngine` in `X509KeyManagerImpl`. In that new method we should use session's `peerSupportedSignAlgs` to construct algorithm constraints the same way we do it for `SSLSocketImpl` and for `SSLEngineImpl`. This is per TLSv1.3 RFC:
> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3
Done in 1b75ef8b8579f4f8682bff28f40ed394401e8805
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169578294
More information about the net-dev
mailing list