RFR: 8217633: Configurable extensions with system properties [v2]

Michele Da Meda duke at openjdk.org
Thu Feb 2 14:26:07 UTC 2023


On Tue, 26 Jan 2021 18:33:04 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Update copyright years to 2021
>
> Hi Bernd,
> 
> I agree with you that System property is not as useful to configure individual connections.  It is mostly used for corner cases that have interoperability or compatibility issues.  A general program should use APIs and the default system properties. 
> 
>> _Mailing list message from [Bernd Eckenfels](mailto:ecki at zusammenkunft.net) on [security-dev](mailto:security-dev at openjdk.java.net):_
>> 
>> Hello,
>> 
>> I wanted to mention again, that all those System property configurations are good, especially to resolve the update pains, but not really useful if you want to make configurations on a per-connection base. If you have to support multiple partners it can be a real pain to setup a common feature set or multiple instances. For this a generic feature setter for the context would be really useful. Most prominent recent example is the ca-extension, which only really makes sense if you also did programmatically configure a small list of trusted CAs.
>> 
> Yes,  ca-extension is an item I was thinking of to support in JDK.
> 
>> I also think it would overall clean up the code and give a good place for Javadoc all those options.
>> Not to mention the default could be tied to a few new context names.
>> 
> Currently, the system properties are documented in the JSSE Reference Guides.  But just as you know, it is as easy to follow.  I agree with you that it would be nice to have better place to have them all together.
> 
> Thank you for the review.
> 
> Regards,
> Xuelei
> 
> 
>> Gruss
>> Bernd
>> --
>> http://bernd.eckenfels.net

Hi @XueleiFan , i don't find this patch into latest OpenJDK 1.8 releases . Is there a plan to integrate this patch also into OpenJDK 1.8  ? (i see that OracleJDK 1.8 was updated)

-------------

PR: https://git.openjdk.org/jdk/pull/1752



More information about the security-dev mailing list