On Thu, 22 Dec 2022 14:56:16 GMT, Volker Simonis <simo...@openjdk.org> wrote:
>>> The same example with the 1000 connections being opened alternatively on >>> two different contexts will instead create 1000 `StatelessKey` instances: >> >> That's obviously not the expected behaviors. It is a good catch for the >> `static currentKeyID` issue. >> >> What do you think to move `SSLContextImpl.keyHashMap` into >> `SSLSessionContextImpl`? I would like to have SSLContextImpl focusing on >> configuration. > > Hi @XueleiFan, @ascarpino, > > Thank you for your reviews and comments. I think I've addressed all of your > suggestions in the latest version of the PR. > > There's just one more thing I had to change. Now that I've moved all the > logic to `SSLSessionContextImpl` I can't get a reference to `SSLContextImpl`s > secure random instance any more when creating a new `StatelessKey`. For > simplicity I've therefor decided to use the `KeyGenerator.init()` method > which doesn't require an extra secure random instance. > > If you think that it is important that the `KeyGenerator` uses the same > secure random instance like the corresponding `SSLContextImpl`, I can easily > change `SSLSessionContextImpl::getKey()` to take a `SecureRandom` argument > and pass `SSLContextImpl`s secure random instance down to > `SSLSessionContextImpl::getKey()` (and up to `StatelessKey::<init>`) when > calling `getKey()` from `KeyState::getCurrentKey()`. > > What do you think? > @simonis, I don't think @XueleiFan and I are going to finish reviews by > Friday. As Oracle has next week off, I suggest you update the copyrights to > 2023 and we can integrate next year one all the comments have been resolved. >From my understanding there hasn't been much left to resolve except using >`HandshakeContext`s secure random for the key generation in `StatelessKey` >and some minor initialization improvements in `SSLSessionContextImpl` which >I've just pushed both. So if you'll find some time to approve the PR this year it'll be great. Otherwise, it will be easy to update the copyright years if that will be last issue :) Thanks for your support and have a nice and peaceful end of year, Volker ------------- PR: https://git.openjdk.org/jdk/pull/11590
