On Thu, 19 Feb 2026 15:53:18 GMT, Artur Barashev <[email protected]> wrote:
>> Implement certificate compression in TLS 1.3 using internally supported ZLIB >> compression algorithm. See RFC 8879 for more details: >> https://datatracker.ietf.org/doc/html/rfc8879 > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Bound the memory usage when decompressing CompressedCertificate src/java.base/share/classes/sun/security/ssl/CompressedCertificate.java line 165: > 163: byte[] compressedCertMsg; > 164: > 165: // Don't use cache if certificate_request_context is present. NIT: Can we add more to this comment that explains what certMsg[0] represents and why it avoids caching? src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java line 77: > 75: private final ReentrantLock contextLock = new ReentrantLock(); > 76: > 77: // Avoid compressing local certificates repeatedly for every > handshake. NIT: The existing comment explains the motivation, but can we also add a short note that this cache is per SSLContext and reasoning on the size ? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/28682#discussion_r2862279488 PR Review Comment: https://git.openjdk.org/jdk/pull/28682#discussion_r2862277431
