[8u] RFR: 8206925: Support the certificate_authorities extension

Severin Gehwolf sgehwolf at redhat.com
Tue Apr 20 10:23:49 UTC 2021


Hi,

Please review this OpenJDK 8u backport of the certificate_authorities
extension. The OpenJDK 11u patch didn't apply cleanly after path
unshuffling, but was fairly trivial to resolve. Conflicts caused by:

1. X509Authentication.java copyright line conflict only. Resolved
   manually.
2. SSLContextTemplate.java private interface methods not allowed in
   JDK 8. It's a JDK 9+ feature via JEP 213. Changed modifier to
   default. Note: this is code used in tests only.
3. TooManyCAs.java. Added -Djdk.tls.client.protocols=TLSv1.3 to the
   test invocations since JDK 8u doesn't enable TLSv1.3 on the
   client side by default. See JDK-8248721, CSR of the TLSv1.3 8u
   backport.

Other than that, the patch is identical to the OpenJDK 11.0.12 version
of this patch.

This introduces a new system property,
jdk.tls.client.enableCAExtension, for compatibility reasons. CSR has
been reused from the Oracle JDK backport. See below.

Bug: https://bugs.openjdk.java.net/browse/JDK-8206925
CSR: https://bugs.openjdk.java.net/browse/JDK-8248709
webrev: https://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8206925/jdk8/02/webrev/

Testing: sun/security/ssl tests and tier1. No new regressions.
         New tests pass.

Thoughts?

Thanks,
Severin



