src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
======================================================================
A key/trust manager would better be immutable.

    private final ThreadLocal<Validator> clientValidator ...
    private final ThreadLocal<Validator> serverValidator ...

ThreadLocal does not work here in some circumstances. In AIO programming, multiple connections may share the same thread. Better to keep the key/trust manager and validator immutable.

I think using the status as a validate() method parameter, rather than updating the validator status, should work.

Xuelei

On 6/19/2015 8:27 AM, Jamil Nimeh wrote:
> Hello all,
>
> I have a first cut at the OCSP stapling webrev posted for your review:
>
> JEP: https://bugs.openjdk.java.net/browse/JDK-8046321
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8046321/webrev.0/
>
> A couple items to note:
>
> * I'm in the process of updating the JEP with some more details. I
>   should be done with these changes by tonight (PDT).
> * Missing are some of the TLS end-to-end tests. These tests have been
>   coded and run outside the jtreg framework, but for some reason
>   things hang in jtreg. I've included some of the supporting classes
>   that these tests will use (CertificateBuilder.java and
>   SimpleOCSPResponder.java) so folks could review those if they're
>   interested. I will update the webrev and notify the list as soon as
>   I've got the tests working in jtreg.
>
> Thanks to everyone who has helped along the way.
>
> --Jamil
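
The ThreadLocal concern raised in the review above, as an added example that is not code from the webrev or from either participant: two connections multiplexed on one thread overwrite each other's per-handshake status, while passing the status to validate() keeps the manager immutable. All class and method names are hypothetical, and the "stapled responses" are constructed placeholder strings standing in for the status the review mentions.

```java
import java.util.List;

// Added illustration; every name here is hypothetical and is not taken
// from the webrev or from X509TrustManagerImpl.
public class ValidatorStateDemo {

    // Variant 1: per-handshake status stored in a ThreadLocal on a shared manager.
    static class ThreadLocalManager {
        private final ThreadLocal<List<String>> stapled = new ThreadLocal<>();

        void setStapledResponses(List<String> responses) { stapled.set(responses); }

        String validate(String conn) {
            return conn + " validated with " + stapled.get();
        }
    }

    // Variant 2: immutable manager; the status travels as a validate() parameter.
    static final class ImmutableManager {
        String validate(String conn, List<String> stapledResponses) {
            return conn + " validated with " + List.copyOf(stapledResponses);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: connections A and B are serviced by ONE
        // thread, as an asynchronous I/O event loop would interleave them.
        List<String> respA = List.of("ocsp-response-A");
        List<String> respB = List.of("ocsp-response-B");

        ThreadLocalManager tl = new ThreadLocalManager();
        tl.setStapledResponses(respA);   // connection A receives its status
        tl.setStapledResponses(respB);   // connection B, same thread, overwrites it
        // Connection A's chain is now checked against B's responses.
        System.out.println(tl.validate("A"));

        ImmutableManager im = new ImmutableManager();
        // Each call carries its own status, so thread sharing cannot mix them.
        System.out.println(im.validate("A", respA));
        System.out.println(im.validate("B", respB));
    }
}
```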
