On Fri, 18 Apr 2025 13:05:24 GMT, Daniel Fuchs <dfu...@openjdk.org> wrote:
> Hi, > > Please find here a PR for the implementation of JEP [JDK-8291976: HTTP/3 for > the HTTP Client API](https://bugs.openjdk.org/browse/JDK-8291976). > > The CSR can be viewed at [JDK-8350588: Implement HTTP/3 for the HTTP Client > API](https://bugs.openjdk.org/browse/JDK-8350588) > > This JEP proposes to enhance the HttpClient implementation to support HTTP/3. > It adds a non-exposed / non-exported internal implementation of the QUIC > protocol based on DatagramChannel and the SunJSSE SSLContext provider. src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java line 265: > 263: // engine, localSupportedSignAlgs, false); > 264: // } else { > 265: // constraints = SSLAlgorithmConstraints.forEngine(engine, > false); We need these to check peer's certificate against constraints specified in `java.security` config file. It looks like `SSLAlgorithmConstraints` class would need a new `forQuicTLSEngine` method. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2054475193
