RFR: 8349910: Implement JEP 517: HTTP/3 for the HTTP Client API [v14]

Daniel Fuchs dfuchs at openjdk.org
Tue Aug 26 17:51:56 UTC 2025


On Mon, 25 Aug 2025 15:58:08 GMT, Artur Barashev <abarashev at openjdk.org> wrote:

>> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 628 commits:
>> 
>>  - merge latest changes from master branch
>>  - http3: minor code cleanup
>>  - http3: HeadersLowerCaseTest.java should close the clients it creates
>>  - http3: add missing copyright in Http3ConnectionAccess and make the class final
>>  - http3: improved test coverage for ImmutableSSLSession
>>  - http3: make sure that abandonned HTTP/2 connections are closed
>>  - http3: CustomRequestPublisher.java test should take into account server config
>>  - Add QUIC support to SunX509 key manager, update copyrights
>>  - Move getAlgorithmConstraints to X509KeyManagerCertChecking, update to match surrounding code
>>  - Mark H3ErrorHndlingTest as intermittent
>>  - ... and 618 more: https://git.openjdk.org/jdk/compare/ae0dac43...719f471d
>
> src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java line 198:
> 
>> 196: 
>> 197:     // Gets algorithm constraints of QUIC TLS engine.
>> 198:     protected AlgorithmConstraints getAlgorithmConstraints(QuicTLSEngineImpl engine) {
> 
> Nit: To keep things consistent, let's move QuicTLSEngineImpl-specific methods under SSLEngine-specific methods here and in both key managers. Same as in `SSLAlgorithmConstraints`.

Done.

> src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java line 303:
> 
>> 301:     abstract String chooseServerAlias(String keyType,
>> 302:                                       X500Principal[] issuers,
>> 303:                                       QuicTLSEngineImpl quicTLSEngine);
> 
> Nit: To avoid any confusion, let's rename these methods to `chooseQuicClientAlias` and `chooseQuicServerAlias`. Also let's move them to the top of the file (under `isCheckingDisabled()` abstract method).

Done

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2301701835
PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2301705046


More information about the security-dev mailing list