On Tue, 22 Apr 2025 19:11:24 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> test/jdk/java/net/httpclient/http3/H3QuicTLSConnection.java line 96:
>>
>>> 94: //System.setProperty("javax.net.ssl.trustStore", KEYSTORE);
>>> 95: //System.setProperty("javax.net.ssl.trustStorePassword",
>>> PASSWORD);
>>> 96: SSLContext context = new SimpleSSLContext().get();
>>
>> FYI: We are moving away from using keystore files to generating keystores on
>> the fly as needed. `SimpleSSLContext` is using a keystore file.
>
> `MD5NotAllowedInTLS13CertificateSignature` contains an example.
A lot of (existing) HttpClient tests in `test/jdk/java/net/httpclient`
currently use this `SimpleSSLContext` construct to read the `testkeys` keystore
that's available in the JDK repo's test directory. Moving to a dynamically
created keystore instead of a keystore that's committed in the JDK repo seems
reasonable. I think it would be better to do that as a separate task in future,
since that would involve updating these existing tests to use this new
mechanism too.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2055484535
