Fwd: Re: Update: JEP 249 (OCSP Stapling for TLS)

Xuelei Fan xuelei.fan at oracle.com
Sun Jul 19 00:41:40 UTC 2015

Hi Jamil,

Looks fine to me.  Maybe, a few implementation issues still need to be
addressed, it's OK to me if they get addressed in JDK 9 later in new bugs.

Thank you!


On 7/18/2015 3:19 AM, Jamil Nimeh wrote:
> Sorry for not being explicit about the changes that went into webrev.2,
> but I've listed them below:
>   * The StatusResponseManager to do cache checking from the main thread
>     rather than a worker thread
>   * A fix in ServerHandshaker's selection of the CertStatusReqItemV2
>     where I wasn't properly picking the first instance of an item type
>     of "ocsp" (as opposed to ocsp_multi, which always get the first
>     instance).  Type ocsp_multi will still supersede ocsp types, however.
>   * A spec change to ExtendedSSLSession.getStatusResponses() to clarify
>     the meaning of zero-length byte arrays in the returned list.
> http://cr.openjdk.java.net/~jnimeh/reviews/8046321/webrev.2
> Thanks,
> --Jamil
>> On 07/11/2015 02:16 PM, Jamil Nimeh wrote:
>>> Hello all,
>>> I have an updated webrev for OCSP stapling which incorporates comments
>>> thus far and a few bug fixes and tests.
>>> webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8046321/webrev.2
>>> JEP: https://bugs.openjdk.java.net/browse/JDK-8046321
>>> Thanks,
>>> --Jamil

More information about the security-dev mailing list