Ping? [8u] RFR: 8206925: Support the certificate_authorities extension
Severin Gehwolf
sgehwolf at redhat.com
Mon May 10 14:12:45 UTC 2021
Hi!
Would anyone be willing to review this?
Many thanks in advance!
Cheers,
Severin
On Thu, 2021-04-29 at 17:24 +0200, Severin Gehwolf wrote:
> Anyone?
>
> On Tue, 2021-04-20 at 12:23 +0200, Severin Gehwolf wrote:
> > Hi,
> >
> > Please review this OpenJDK 8u backport of the
> > certificate_authorities
> > extensionj. The OpenJDK 11u patch didn't apply cleanly after path
> > unshuffeling, but was fairly trivial to resolve. Conflicts caused
> > by:
> >
> > 1. X509Authentication.java copyright line conflict only. Resolved
> > manually.
> > 2. SSLContextTemplate.java private interface methods not allowed in
> > JDK 8. It's a JDK 9+ feature via JEP 213. Changed modifier to
> > default. Note: this is code used in tests only.
> > 3. TooManyCAs.java. Added -Djdk.tls.client.protocols=TLSv1.3 to the
> > test invocations since JDK 8u doesn't enable TLSv1.3 on the
> > client side by default. See JDK-8248721, CSR of the TLSv1.3 8u
> > backport.
> >
> > Other than that, the patch is identical to the OpenJDK 11.0.12
> > version
> > of this patch.
> >
> > This introduces a new system property,
> > jdk.tls.client.enableCAExtension, for compatibilty reasons. CSR has
> > been reused from the Oracle JDK backport. See below.
> >
> > Bug: https://bugs.openjdk.java.net/browse/JDK-8206925
> > CSR: https://bugs.openjdk.java.net/browse/JDK-8248709
> > webrev:
> > https://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8206925/jdk8/02/webrev/
> >
> > Testing: sun/security/ssl tests and tier1. No new regressions.
> > New tests pass.
> >
> > Thoughts?
> >
> > Thanks,
> > Severin
>
More information about the security-dev
mailing list