On Thu, 14 Apr 2022 18:45:10 GMT, Daniel Fuchs <dfu...@openjdk.org> wrote:
>> java/net/httpclient/http2/TLSConnection.java has been observed failing (even >> though rarely) in test jobs. >> >> The issue is that the handler used on the the server sides maintains a >> volatile `sslSession` field which it sets when receiving a request, so that >> the client can check which SSLParameters were negotiated after receiving the >> response. >> However that field is set a little too late: after writing the request body >> bytes. This means that sometimes the client is able to receive the last byte >> before the server has updated the field, and can observe the previous value, >> which was set by the previous request. Checking of SSL parameters on the >> client side then usually fails, as it is looking at the wrong session. >> >> The proposed fix is very simple: just update the `sslSession` field a little >> earlier - before writing the response. > > Daniel Fuchs has updated the pull request incrementally with one additional > commit since the last revision: > > Copyright update LGTM ------------- Marked as reviewed by michaelm (Reviewer). PR: https://git.openjdk.java.net/jdk/pull/8249
