RFR: 8217633: Configurable extensions with system properties [v2]

[Xue-Lei Andrew Fan]

On Mon, 25 Jan 2021 22:27:25 GMT, Rajan Halade <rhalade at openjdk.org> wrote:

>> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Update copyright years to 2021
>
> Marked as reviewed by rhalade (Reviewer).

Hi Bernd,

I agree with you that System property is not as useful to configure individual connections.  It is mostly used for corner cases that have interoperability or compatibility issues.  A general program should use APIs and the default system properties. 

> _Mailing list message from [Bernd Eckenfels](mailto:ecki at zusammenkunft.net) on [security-dev](mailto:security-dev at openjdk.java.net):_
> 
> Hello,
> 
> I wanted to mention again, that all those System property configurations are good, especially to resolve the update pains, but not really useful if you want to make configurations on a per-connection base. If you have to support multiple partners it can be a real pain to setup a common feature set or multiple instances. For this a generic feature setter for the context would be really useful. Most prominent recent example is the ca-extension, which only really makes sense if you also did programmatically configure a small list of trusted CAs.
> 
Yes,  ca-extension is an item I was thinking of to support in JDK.

> I also think it would overall clean up the code and give a good place for Javadoc all those options.
> Not to mention the default could be tied to a few new context names.
> 
Currently, the system properties are documented in the JSSE Reference Guides.  But just as you know, it is as easy to follow.  I agree with you that it would be nice to have better place to have them all together.

Thank you for the review.

Regards,
Xuelei


> Gruss
> Bernd
> --
> http://bernd.eckenfels.net

-------------

PR: https://git.openjdk.java.net/jdk/pull/1752