Hi, here are some comments about what I was thinking:
http://cr.openjdk.java.net/~jnimeh/reviews/8046321/webrev.0/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java.patch
- Why not make the parsed message available? If the client wants to check it, he needs to parse/implement the handling again.

http://cr.openjdk.java.net/~jnimeh/reviews/8046321/webrev.0/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java.patch
- Why not allow toggling each of the extensions individually? I think after Heartbleed this would be a good idea.
+ if (enableStatusRequestExtension) { + clientHelloMessage.addCertStatusReqListV2Extension(); + clientHelloMessage.addCertStatusRequestExtension(); + }

http://cr.openjdk.java.net/~jnimeh/reviews/8046321/webrev.0/src/java.base/share/classes/sun/security/x509/PKIXExtensions.java.patch
- Why break the comments earlier?
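
Review bot: In the ClientHandshaker.java hunk, the single `enableStatusRequestExtension` check guards both `addCertStatusReqListV2Extension()` and `addCertStatusRequestExtension()`, so the two extensions can only be enabled or disabled together. If there is a case for offering one without the other, split this into two conditions with separate flags; otherwise add a comment at the `if` stating that both are intentionally tied to one switch and where that switch is set.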