Re: (3rd Round) Proposed API Changes for JEP 114: TLS Server Name Indication (SNI) Extension

[Brad Wetmore]

Still looking over the changes, but a few preliminary comments.
On 8/12/2012 5:50 AM, Xuelei Fan wrote:
Hi,

Please review the spec of JEP 114, TLS Server Name Indication (SNI)
Extension.

     http://cr.openjdk.java.net./~xuelei/7068321/webrev_spec.04/

Please read the README to help you understanding the the specification:

    http://cr.openjdk.java.net./~xuelei/7068321/README_04.txt

I forgot to mention this previously:

> Oracle provider now only supports one server name type, "host_name".
> The value of name is encoded as UTF-8 string.

RFC 6066 requires ASCII, earlier versions (RFC 4366) have this as UTF-8. 
 Do you want to allow for UTF-8 here?

The major differences comparing with previous webrev are:
1. client mode and server mode will use separated API set.
    For client, the related APIs are:
      setServerName(String type, String value)
      clearServerName(String type)
      disableServerName(String type)
      enableServerName(String type)
      isDisabledServerName(String type)
      getServerNames()

Please read my note on the 2nd round review before reading this, 
specifically the section that starts "I'm not following your confusion".

So wow, what happened here?  I thought we were so very close on 
finalizing the API, and it was just a matter of tweaking the wording to 
have a null value disable the type from being sent.

    setServerName(String type, String value) {
        if type == value
            throw IAE;
        if value == null
            map.remove(type);
            return;
        else if value.equals("")
            throw IAE;
        else
            map.put(value);
    }

Then in the Handshakers, only those type/values that are present in the 
map are be pulled out for constructing the SNI extensions.

If you want to go with this new API style with clear/disable/enable, I 
can see where you are coming from, but that was unexpected.  Before I 
review for accuracy, I want to make sure you really want to tweak things 
so extensively.  I think what you had previously fit the bill pretty well.

    For server side, the related APIs are:
      setServerNamePattern(String type, Pattern pattern)
      clearServerNamePattern(String type)
      getServerNamePatterns()

and same for this one.

I'll look over the rest once I get your answer to the above.

2. close the door to use the generated socket in client mode.

    SSLSocketFactory.createSocket(Socket s,
        InputStream consumed, boolean autoClose)

    The returned socket was set in server mode.

Brad