RFR: 8217633: Configurable extensions with system properties [v2]
Michele Da Meda
duke at openjdk.org
Thu Feb 2 14:26:07 UTC 2023
On Tue, 26 Jan 2021 18:33:04 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update copyright years to 2021
>
> Hi Bernd,
>
> I agree with you that System property is not as useful to configure individual connections. It is mostly used for corner cases that have interoperability or compatibility issues. A general program should use APIs and the default system properties.
>
>> _Mailing list message from [Bernd Eckenfels](mailto:ecki at zusammenkunft.net) on [security-dev](mailto:security-dev at openjdk.java.net):_
>>
>> Hello,
>>
>> I wanted to mention again, that all those System property configurations are good, especially to resolve the update pains, but not really useful if you want to make configurations on a per-connection base. If you have to support multiple partners it can be a real pain to setup a common feature set or multiple instances. For this a generic feature setter for the context would be really useful. Most prominent recent example is the ca-extension, which only really makes sense if you also did programmatically configure a small list of trusted CAs.
>>
> Yes, ca-extension is an item I was thinking of to support in JDK.
>
>> I also think it would overall clean up the code and give a good place for Javadoc all those options.
>> Not to mention the default could be tied to a few new context names.
>>
> Currently, the system properties are documented in the JSSE Reference Guides. But just as you know, it is as easy to follow. I agree with you that it would be nice to have better place to have them all together.
>
> Thank you for the review.
>
> Regards,
> Xuelei
>
>
>> Gruss
>> Bernd
>> --
>> http://bernd.eckenfels.net
Hi @XueleiFan , i don't find this patch into latest OpenJDK 1.8 releases . Is there a plan to integrate this patch also into OpenJDK 1.8 ? (i see that OracleJDK 1.8 was updated)
-------------
PR: https://git.openjdk.org/jdk/pull/1752
More information about the security-dev
mailing list