RFR: 8280494: (D)TLS signature schemes [v13]

Sean Mullan mullan at openjdk.java.net
Mon Feb 7 20:03:14 UTC 2022


On Fri, 4 Feb 2022 20:58:46 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> This update is to support signature schemes customization for individual (D)TLS connection.  Please review the CSR as well:
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
>> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
>> Release-note: https://bugs.openjdk.java.net/browse/JDK-8281290
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   correct null tags

Changes requested by mullan (Reviewer).

src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 47:

> 45:  * <p>
> 46:  * SSLParameters can be created via the constructors in this class.
> 47:  * Objects can also be obtained using the {@code getSSLParameters()}

Since you introduce the terms "pre-populated" and "connection populated" in the new methods, I think it would be useful to describe them up front in the summary, ex:

"{@code SSLParameter} objects can be created via the constructors in this class, and can be described as pre-populated objects. {@code SSLParameter} objects can also be obtained using the ... <list all the methods>, and can be described as connection populated objects."

src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 744:

> 742:      * the {@systemProperty jdk.tls.client.SignatureSchemes} and/or
> 743:      * {@systemProperty jdk.tls.server.SignatureSchemes} system properties to
> 744:      * customize the provider-specific default signature schemes.

This still doesn't say if the properties override the API. I would suggest adding a sentence: "If set, these properties will override the signature schemes returned by this method."

Similar comment in `setSignatureSchemes`.

src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 747:

> 745:      *
> 746:      * @return an array of signature scheme {@code Strings} or {@code null} if
> 747:      *         none have been set.  For non-null returns, this method willu

Typo, s/willu/will/

-------------

PR: https://git.openjdk.java.net/jdk/pull/7252
