On 12:23 Tue 20 Apr , Severin Gehwolf wrote: > Hi, > > Please review this OpenJDK 8u backport of the certificate_authorities > extensionj. The OpenJDK 11u patch didn't apply cleanly after path > unshuffeling, but was fairly trivial to resolve. Conflicts caused by: > > 1. X509Authentication.java copyright line conflict only. Resolved > manually. > 2. SSLContextTemplate.java private interface methods not allowed in > JDK 8. It's a JDK 9+ feature via JEP 213. Changed modifier to > default. Note: this is code used in tests only. > 3. TooManyCAs.java. Added -Djdk.tls.client.protocols=TLSv1.3 to the > test invocations since JDK 8u doesn't enable TLSv1.3 on the > client side by default. See JDK-8248721, CSR of the TLSv1.3 8u > backport. > > Other than that, the patch is identical to the OpenJDK 11.0.12 version > of this patch. > > This introduces a new system property, > jdk.tls.client.enableCAExtension, for compatibilty reasons. CSR has > been reused from the Oracle JDK backport. See below. > > Bug: https://bugs.openjdk.java.net/browse/JDK-8206925 > CSR: https://bugs.openjdk.java.net/browse/JDK-8248709 > webrev: > https://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8206925/jdk8/02/webrev/ > > Testing: sun/security/ssl tests and tier1. No new regressions. > New tests pass. > > Thoughts? > > Thanks, > Severin >
There are some odd whitespace differences showing up in the diff between the 8u & 11u versions of SSLContextTemplate.java, but seems ok. Approved. Please note that, where a manual backport bug is created, the fix request should go on the backport bug, so we don't have things split between two different bugs. Thanks, -- Andrew :) Senior Free Java Software Engineer OpenJDK Package Owner Red Hat, Inc. (http://www.redhat.com) PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
signature.asc
Description: PGP signature