Ping? [8u] RFR: 8206925: Support the certificate_authorities extension
Severin Gehwolf
sgehwolf at redhat.com
Thu Apr 29 15:24:45 UTC 2021
Anyone?
On Tue, 2021-04-20 at 12:23 +0200, Severin Gehwolf wrote:
> Hi,
>
> Please review this OpenJDK 8u backport of the certificate_authorities
> extensionj. The OpenJDK 11u patch didn't apply cleanly after path
> unshuffeling, but was fairly trivial to resolve. Conflicts caused by:
>
> 1. X509Authentication.java copyright line conflict only. Resolved
> manually.
> 2. SSLContextTemplate.java private interface methods not allowed in
> JDK 8. It's a JDK 9+ feature via JEP 213. Changed modifier to
> default. Note: this is code used in tests only.
> 3. TooManyCAs.java. Added -Djdk.tls.client.protocols=TLSv1.3 to the
> test invocations since JDK 8u doesn't enable TLSv1.3 on the
> client side by default. See JDK-8248721, CSR of the TLSv1.3 8u
> backport.
>
> Other than that, the patch is identical to the OpenJDK 11.0.12
> version
> of this patch.
>
> This introduces a new system property,
> jdk.tls.client.enableCAExtension, for compatibilty reasons. CSR has
> been reused from the Oracle JDK backport. See below.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8206925
> CSR: https://bugs.openjdk.java.net/browse/JDK-8248709
> webrev:
> https://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8206925/jdk8/02/webrev/
>
> Testing: sun/security/ssl tests and tier1. No new regressions.
> New tests pass.
>
> Thoughts?
>
> Thanks,
> Severin
More information about the security-dev
mailing list