On Tue, 22 Apr 2025 16:21:30 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Daniel Fuchs has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 525 commits:
>>
>>  - merge latest changes from master branch
>>  - http3: run H3StreamLimitReachedTest.java with
>>    -Djdk.httpclient.http3.maxStreamLimitTimeout=0 too
>>  - retry the ResetControlStream test as needed
>>  - http3: fix pending connection and reconnection on stream limit reached
>>    logic
>>  - http3: pending acknowledgement should be registered before actually
>>    sending the packet
>>  - http3: fix race with ping requests in PacketSpaceManager.java causing
>>    intermittent failures in H3ErrorHandlingTest.java
>>  - http3: improve exceptions in Http3ServerExchange.java
>>  - http3: fix exception handling in CancelRequestTest.java
>>  - http3: review feedback - revert HPACK.java
>>  - Implement X509TrustManagerImpl#checkClientTrusted for QUIC
>>  - ... and 515 more: https://git.openjdk.org/jdk/compare/5a1301df...0229c215
>
> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 221:
>
>> 219:                             chc.peerSupportedAuthorities.clone(),
>> 220:                             engine);
>> 221:                     // TODO should we have a method that can take QuicTLSEngine?
>
> Yes, I think we should have a method for `QuicTLSEngine` in
> `X509KeyManagerImpl`. In that new method we should use session's
> `peerSupportedSignAlgs` to construct algorithm constraints the same way we do
> it for `SSLSocketImpl` and for `SSLEngineImpl`. This is per TLSv1.3 RFC:
> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3

Done in 1b75ef8b8579f4f8682bff28f40ed394401e8805

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169578294
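
The idea discussed above (restricting certificate/key selection to the signature algorithms the peer advertised, RFC 8446 section 4.2.3) can be sketched with public JDK interfaces. This is an added example, not code from the pull request or from `sun.security.ssl`; the class name `PeerSigAlgConstraints` and the sample algorithm lists are assumptions made for illustration.

```java
import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Added illustration; PeerSigAlgConstraints is a hypothetical name, not a JDK class.
public class PeerSigAlgConstraints implements AlgorithmConstraints {
    private final Set<String> peerSupported = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);

    // peerSigAlgs: names in the form returned by
    // ExtendedSSLSession.getPeerSupportedSignatureAlgorithms().
    PeerSigAlgConstraints(String[] peerSigAlgs) {
        if (peerSigAlgs != null) peerSupported.addAll(List.of(peerSigAlgs));
    }

    @Override
    public boolean permits(Set<CryptoPrimitive> primitives, String algorithm,
                           AlgorithmParameters parameters) {
        // Only signature use is constrained by the peer's signature_algorithms.
        if (!primitives.contains(CryptoPrimitive.SIGNATURE)) return true;
        return algorithm != null && peerSupported.contains(algorithm);
    }

    @Override
    public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
        return true; // the peer's list says nothing about bare keys
    }

    @Override
    public boolean permits(Set<CryptoPrimitive> primitives, String algorithm,
                           Key key, AlgorithmParameters parameters) {
        return permits(primitives, algorithm, parameters);
    }

    public static void main(String[] args) {
        // Constructed sample: algorithms a peer advertised during the handshake.
        String[] advertised = {"SHA256withECDSA", "RSASSA-PSS"};
        AlgorithmConstraints c = new PeerSigAlgConstraints(advertised);
        Set<CryptoPrimitive> sig = EnumSet.of(CryptoPrimitive.SIGNATURE);
        // Candidate local certificates, identified here by signature algorithm only.
        for (String certSigAlg : List.of("SHA256withECDSA", "SHA1withRSA")) {
            System.out.println(certSigAlg + " usable: " + c.permits(sig, certSigAlg, null));
        }
    }
}
```

A key manager that skips this check can select a certificate the peer cannot verify, so the handshake fails late instead of falling back to an acceptable credential.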