On Thu, 26 Jun 2025 17:36:21 GMT, Daniel Jeliński <[email protected]> wrote:
>> src/java.base/share/classes/jdk/internal/net/quic/QuicTLSContext.java line
>> 70:
>>
>>> 68: if (!(underlyingImpl instanceof SSLContextImpl ssci)) {
>>> 69: return false;
>>> 70: }
>>
>> Would there be a way to check the implementation of the X509TrustManager
>> here too? Or can we only do that later on during the handshake?
>
> That's what the `isUsableWithQuic` method below does.

Oh! I had missed that. Very good then!

>> src/java.base/share/classes/jdk/internal/net/quic/QuicTLSContext.java line
>> 126:
>>
>>> 124: *
>>> 125: * @param peerHost The peer hostname or IP address. Can be null.
>>> 126: * @param peerPort The peer port, can be -1 if the port is unknown
>>
>> Would that be the hostname in the URI, or in the AltService?
>> Maybe we could add an `@apiNote` here to clarify it.
>
> Well the javadoc here was written to match the one on
> SSLContext#createSSLEngine. The peer information is used for caching, but
> it's also used in the SNI extension, so ideally users should use the URI
> address, not the alt service one.

OK. Maybe that would deserve a note - since with HTTP/3 we have potentially two
addresses and two ports.

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169650283
PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169653256
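
An added example, not part of the thread or of the JDK patch: the point discussed above about which address to pass as peer information, shown with the public `SSLContext#createSSLEngine(String, int)` that the javadoc under review was written to match (the internal `QuicTLSContext` is not used here). The hostnames, the port and the class and method names are constructed for illustration.

```java
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class OriginPeerInfo {

    // Build a client engine whose peer information names the origin taken from
    // the request URI. The alt-service address is only where packets are sent.
    static SSLEngine engineFor(SSLContext ctx, URI origin) {
        String host = origin.getHost();
        int port = origin.getPort() != -1 ? origin.getPort() : 443;
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);

        SSLParameters params = engine.getSSLParameters();
        // Explicit SNI for the origin name (valid for hostnames, not IP literals).
        params.setServerNames(List.of(new SNIHostName(host)));
        // Check the server certificate against the peer host during the handshake.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: the origin from the URI and a different
        // endpoint that an Alt-Svc advertisement could have pointed to.
        URI origin = URI.create("https://www.example.com/index.html");
        InetSocketAddress altService =
                InetSocketAddress.createUnresolved("alt.example.net", 8443);

        SSLEngine engine = engineFor(SSLContext.getDefault(), origin);
        SSLParameters params = engine.getSSLParameters();

        System.out.println("connect to : " + altService.getHostString()
                + ":" + altService.getPort());
        System.out.println("peer host  : " + engine.getPeerHost()
                + ":" + engine.getPeerPort());
        System.out.println("SNI        : " + params.getServerNames());
        System.out.println("endpoint id: " + params.getEndpointIdentificationAlgorithm());
    }
}
```

Passing the alt-service name instead would put that name in the SNI extension and make it the name the certificate is checked against, which is no longer the origin the user asked for.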