On Fri, 30 Jan 2026 18:13:15 GMT, Artur Barashev <[email protected]> wrote:
>> I had a quick search of the existing cache. There are some global cache for >> default security parameters and configuration. For example, default trust >> anchor, default context and default managers. I think it is fine as >> default one always use the same configuration and can be shared. >> >> The compressed certificate cache looks different, as it is not for default >> key/cert configuration. Basically, the identity certificate is a property >> of key manager. It may be safer to manage the cache in key manager level >> instances. > > Yes, good point, it is different, I've done similar research. I'll look > closer into this, thanks! Some problems I can see with this approach though: > > - Such caching won't work with a 3rd party `X509ExtendedKeyManager` > implementations. > - `CertificateMessage` is not just a single certificate, it's the list of > certificate entries plus certificate_request_context. Logically such cache > doesn't belong to a KeyManager. Yes, a tricky case. Thank you @artur-oracle for considering this. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/28682#discussion_r2747699841
