Ping? [8u] RFR: 8206925: Support the certificate_authorities extension
sgehwolf at redhat.com
Thu Apr 29 15:24:45 UTC 2021
On Tue, 2021-04-20 at 12:23 +0200, Severin Gehwolf wrote:
> Please review this OpenJDK 8u backport of the certificate_authorities
> extensionj. The OpenJDK 11u patch didn't apply cleanly after path
> unshuffeling, but was fairly trivial to resolve. Conflicts caused by:
> 1. X509Authentication.java copyright line conflict only. Resolved
> 2. SSLContextTemplate.java private interface methods not allowed in
> JDK 8. It's a JDK 9+ feature via JEP 213. Changed modifier to
> default. Note: this is code used in tests only.
> 3. TooManyCAs.java. Added -Djdk.tls.client.protocols=TLSv1.3 to the
> test invocations since JDK 8u doesn't enable TLSv1.3 on the
> client side by default. See JDK-8248721, CSR of the TLSv1.3 8u
> Other than that, the patch is identical to the OpenJDK 11.0.12
> of this patch.
> This introduces a new system property,
> jdk.tls.client.enableCAExtension, for compatibilty reasons. CSR has
> been reused from the Oracle JDK backport. See below.
> Bug: https://bugs.openjdk.java.net/browse/JDK-8206925
> CSR: https://bugs.openjdk.java.net/browse/JDK-8248709
> Testing: sun/security/ssl tests and tier1. No new regressions.
> New tests pass.
More information about the jdk8u-dev