8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl by jerboaa · Pull Request #808 · openjdk/jdk8u-dev

jerboaa · 2026-05-22T16:50:21Z

Unclean backport but should be fairly safe in prep for a cleaner backport of JDK-8284047. The patch is not clean because:

Some copyrights already being newer than in the original JDK 11u patch.
One hunk in jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java needed to be done manually.
test/jdk/java/net/httpclient/InvalidSSLContextTest.java not in 8u. httpclient is 11+
missing import of SocketException in jdk/test/javax/net/ssl/SSLSession/TestEnabledProtocols.java
changed paths to 11u

In general the changes are fairly trivial to resolve.

Testing

jdk/test/javax/net/ssl jdk/test/sun/net/www/protocol/https/ jdk/test/sun/security/ssl/ tests. No change to master[1].

Thoughts?

[1]

Test results: passed: 265; failed: 2; error: 1

Failures/Errors are:

sun/security/ssl/X509KeyManager/PreferredKey.java => fails in master too. Preexisting.
sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java => Error. Use -nativepath to specify the location of native code. Preexisting.
javax/net/ssl/compatibility/Compatibility.java => fails compilation on UseCase.java. Preexisting.

I confirm that I make this contribution in accordance with the OpenJDK Interim AI Policy.

Progress

Change must be properly reviewed (1 review required, with at least 1 Reviewer)
JDK-8259662 needs maintainer approval
Change must not contain extraneous whitespace
Commit message must refer to an issue
Change requires CSR request JDK-8259847 to be approved

Issues

JDK-8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl (Bug - P4)
JDK-8259847: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl (CSR)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u-dev.git pull/808/head:pull/808
$ git checkout pull/808

Update a local copy of the PR:
$ git checkout pull/808
$ git pull https://git.openjdk.org/jdk8u-dev.git pull/808/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 808

View PR using the GUI difftool:
$ git pr show -t 808

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk8u-dev/pull/808.diff

Using Webrev

Link to Webrev Comment

bridgekeeper · 2026-05-22T16:51:16Z

👋 Welcome back sgehwolf! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

openjdk · 2026-05-22T16:52:00Z

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

openjdk · 2026-05-22T16:52:16Z

This backport pull request has now been updated with issue from the original commit.

mlbridge · 2026-05-22T16:56:26Z

Webrevs

jerboaa · 2026-05-27T10:05:18Z

Adding a dependency on #804 so that a backport of JDK-8284047 can depend on this one with all the dependencies in place.

openjdk · 2026-05-27T14:36:22Z

⚠️ @jerboaa This pull request contains merges that bring in commits not present in the target repository. Since this is not a "merge style" pull request, these changes will be squashed when this pull request in integrated. If this is your intention, then please ignore this message. If you want to preserve the commit structure, you must change the title of this pull request to Merge <project>:<branch> where <project> is the name of another project in the OpenJDK organization (for example Merge jdk:master).

openjdk · 2026-05-27T15:29:39Z

@jerboaa Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

openjdk-notifier · 2026-06-02T08:29:31Z

The parent pull request that this pull request depends on has now been integrated and the target branch of this pull request has been updated. This means that changes from the dependent pull request can start to show up as belonging to this pull request, which may be confusing for reviewers. To remedy this situation, simply merge the latest changes from the new target branch into this pull request by running commands similar to these in the local repository for your personal fork:

git checkout 8259662-dont-wrap-socketexcpn-8u
git fetch https://git.openjdk.org/jdk8u-dev.git master
git merge FETCH_HEAD
# if there are conflicts, follow the instructions given by git merge
git commit -m "Merge master"
git push

openjdk · 2026-06-02T08:55:04Z

@jerboaa Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

jerboaa · 2026-06-02T09:08:07Z

Test results of the update (same failures as in the original comment, but 3 more tests added - that pass):

Passed: javax/net/ssl/ALPN/SSLEngineAlpnTest.java
Passed: javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java
Passed: javax/net/ssl/ALPN/SSLSocketAlpnTest.java
Passed: javax/net/ssl/ciphersuites/DisabledAlgorithms.java
Passed: javax/net/ssl/ciphersuites/ECCurvesconstraints.java
Passed: javax/net/ssl/compatibility/ClientHelloProcessing.java
FAILED: javax/net/ssl/compatibility/Compatibility.java
Passed: javax/net/ssl/FixingJavadocs/ComURLNulls.java
Passed: javax/net/ssl/FixingJavadocs/ImplicitHandshake.java
Passed: javax/net/ssl/FixingJavadocs/JavaxURLNulls.java
Passed: javax/net/ssl/FixingJavadocs/KMTMGetNothing.java
Passed: javax/net/ssl/FixingJavadocs/SSLSessionNulls.java
Passed: javax/net/ssl/FixingJavadocs/SSLSocketInherit.java
Passed: javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
Passed: javax/net/ssl/HttpsURLConnection/DelayDefaultContextLoading.java
Passed: javax/net/ssl/HttpsURLConnection/GetResponseCode.java
Passed: javax/net/ssl/interop/ClientHelloBufferUnderflowException.java
Passed: javax/net/ssl/interop/ClientHelloChromeInterOp.java
Passed: javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
Passed: javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java
Passed: javax/net/ssl/sanity/ciphersuites/NoKerberos.java
Passed: javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
Passed: javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java
Passed: javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java
Passed: javax/net/ssl/sanity/pluggability/CheckSockFacExport1.java
Passed: javax/net/ssl/sanity/pluggability/CheckSockFacExport2.java
Passed: javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java
Passed: javax/net/ssl/sanity/CacertsExplorer.java
Passed: javax/net/ssl/ServerName/BestEffortOnLazyConnected.java
Passed: javax/net/ssl/ServerName/EndingDotHostname.java
Passed: javax/net/ssl/ServerName/IllegalSNIName.java
Passed: javax/net/ssl/ServerName/SSLEngineExplorer.java
Passed: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java
Passed: javax/net/ssl/ServerName/SSLEngineExplorerUnmatchedSNI.java
Passed: javax/net/ssl/ServerName/SSLEngineExplorerWithCli.java
Passed: javax/net/ssl/ServerName/SSLEngineExplorerWithSrv.java
Passed: javax/net/ssl/ServerName/SSLSocketConsistentSNI.java
Passed: javax/net/ssl/ServerName/SSLSocketExplorer.java
Passed: javax/net/ssl/ServerName/SSLSocketExplorerFailure.java
Passed: javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java
Passed: javax/net/ssl/ServerName/SSLSocketExplorerUnmatchedSNI.java
Passed: javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java
Passed: javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java
Passed: javax/net/ssl/ServerName/SSLSocketInconsistentSNI.java
Passed: javax/net/ssl/ServerName/SSLSocketSNISensitive.java
Passed: javax/net/ssl/SSLEngine/AcceptLargeFragments.java
Passed: javax/net/ssl/SSLEngine/ArgCheck.java
Passed: javax/net/ssl/SSLEngine/Arrays.java
Passed: javax/net/ssl/SSLEngine/ExtendedKeyEngine.java
Passed: javax/net/ssl/SSLEngine/ExtendedKeySocket.java
Passed: javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java
Passed: javax/net/ssl/SSLEngine/LargeBufs.java
Passed: javax/net/ssl/SSLEngine/LargePacket.java
Passed: javax/net/ssl/SSLEngine/NoAuthClientAuth.java
Passed: javax/net/ssl/SSLEngine/SSLEngineResultArgs.java
Passed: javax/net/ssl/SSLEngineResult/Deserialize.java
Passed: javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java
Passed: javax/net/ssl/SSLServerSocket/DefaultSSLServSocketFac.java
Passed: javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java
Passed: javax/net/ssl/SSLSession/JSSERenegotiate.java
Passed: javax/net/ssl/SSLSession/KeyManagerTrustManager.java
Passed: javax/net/ssl/SSLSession/RenegotiateTLS13.java
Passed: javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
Passed: javax/net/ssl/SSLSession/SessionCacheSizeTests.java
Passed: javax/net/ssl/SSLSession/SessionTimeOutTests.java
Passed: javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java
Passed: javax/net/ssl/SSLSession/TestEnabledProtocols.java
Passed: javax/net/ssl/SSLSocket/InputStreamClosure.java
Passed: javax/net/ssl/SSLSocket/OutputStreamClosure.java
Passed: javax/net/ssl/SSLSocket/Tls13PacketSize.java
Passed: javax/net/ssl/Stapling/HttpsUrlConnClient.java
Passed: javax/net/ssl/Stapling/SSLEngineWithStapling.java
Passed: javax/net/ssl/Stapling/SSLSocketWithStapling.java
Passed: javax/net/ssl/Stapling/StapleEnableProps.java
Passed: javax/net/ssl/templates/SSLEngineTemplate.java
Passed: javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java
Passed: javax/net/ssl/templates/SSLSocketTemplate.java
Passed: javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java
Passed: javax/net/ssl/TLS/TestJSSEClientProtocol.java
Passed: javax/net/ssl/TLS/TestJSSENoCommonProtocols.java
Passed: javax/net/ssl/TLS/TestJSSEServerProtocol.java
Passed: javax/net/ssl/TLS/TLSClientPropertyTest.java
Passed: javax/net/ssl/TLS/TLSDataExchangeTest.java
Passed: javax/net/ssl/TLS/TLSEnginesClosureTest.java
Passed: javax/net/ssl/TLS/TLSHandshakeTest.java
Passed: javax/net/ssl/TLS/TLSMFLNTest.java
Passed: javax/net/ssl/TLS/TLSNotEnabledRC4Test.java
Passed: javax/net/ssl/TLS/TLSRehandshakeTest.java
Passed: javax/net/ssl/TLS/TLSRehandshakeWithCipherChangeTest.java
Passed: javax/net/ssl/TLS/TLSRehandshakeWithDataExTest.java
Passed: javax/net/ssl/TLS/TLSUnsupportedCiphersTest.java
Passed: javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java
Passed: javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java
Passed: javax/net/ssl/TLSCommon/TLSTest.java
Passed: javax/net/ssl/TLSv1/TLSDataExchangeTest.java
Passed: javax/net/ssl/TLSv1/TLSEnginesClosureTest.java
Passed: javax/net/ssl/TLSv1/TLSHandshakeTest.java
Passed: javax/net/ssl/TLSv1/TLSMFLNTest.java
Passed: javax/net/ssl/TLSv1/TLSNotEnabledRC4Test.java
Passed: javax/net/ssl/TLSv1/TLSRehandshakeTest.java
Passed: javax/net/ssl/TLSv1/TLSRehandshakeWithCipherChangeTest.java
Passed: javax/net/ssl/TLSv1/TLSRehandshakeWithDataExTest.java
Passed: javax/net/ssl/TLSv1/TLSUnsupportedCiphersTest.java
Passed: javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
Passed: javax/net/ssl/TLSv11/ExportableBlockCipher.java
Passed: javax/net/ssl/TLSv11/ExportableStreamCipher.java
Passed: javax/net/ssl/TLSv11/GenericBlockCipher.java
Passed: javax/net/ssl/TLSv11/GenericStreamCipher.java
Passed: javax/net/ssl/TLSv11/TLSDataExchangeTest.java
Passed: javax/net/ssl/TLSv11/TLSEnginesClosureTest.java
Passed: javax/net/ssl/TLSv11/TLSHandshakeTest.java
Passed: javax/net/ssl/TLSv11/TLSMFLNTest.java
Passed: javax/net/ssl/TLSv11/TLSNotEnabledRC4Test.java
Passed: javax/net/ssl/TLSv11/TLSRehandshakeTest.java
Passed: javax/net/ssl/TLSv11/TLSRehandshakeWithCipherChangeTest.java
Passed: javax/net/ssl/TLSv11/TLSRehandshakeWithDataExTest.java
Passed: javax/net/ssl/TLSv11/TLSUnsupportedCiphersTest.java
Passed: javax/net/ssl/TLSv12/DisabledShortDSAKeys.java
Passed: javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
Passed: javax/net/ssl/TLSv12/ProtocolFilter.java
Passed: javax/net/ssl/TLSv12/ShortRSAKey512.java
Passed: javax/net/ssl/TLSv12/ShortRSAKeyGCM.java
Passed: javax/net/ssl/TLSv12/SignatureAlgorithms.java
Passed: javax/net/ssl/TLSv12/TLSEnginesClosureTest.java
Passed: javax/net/ssl/Fix5070632.java
Passed: javax/net/ssl/GetInstance.java
Passed: sun/net/www/protocol/https/HttpsClient/ProxyAuthTest.java
Passed: sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/B6216082.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/B6226610.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/CheckMethods.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/CookieHandlerTest.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/HttpsCreateSockTest.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/HttpsPost.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/HttpsSocketFacTest.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/Identities.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/ImpactOnSNI.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/Redirect.java
Passed: sun/net/www/protocol/https/HttpsURLConnection/RetryHttps.java
Passed: sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java
Passed: sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java
Passed: sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java
Passed: sun/net/www/protocol/https/NewImpl/JavaxHTTPSConnection.java
Passed: sun/net/www/protocol/https/ChunkedOutputStream.java
Passed: sun/security/ssl/ALPN/AlpnGreaseTest.java
Passed: sun/security/ssl/AppInputStream/ReadBlocksClose.java
Passed: sun/security/ssl/AppInputStream/ReadHandshake.java
Passed: sun/security/ssl/AppInputStream/ReadZeroBytes.java
Passed: sun/security/ssl/AppInputStream/RemoveMarkReset.java
Passed: sun/security/ssl/AppOutputStream/NoExceptionOnClose.java
Passed: sun/security/ssl/CertPathRestrictions/TLSRestrictions.java
Passed: sun/security/ssl/CipherSuite/DisabledCurve.java
Passed: sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java
Passed: sun/security/ssl/CipherSuite/SSL_NULL.java
Passed: sun/security/ssl/ClientHandshaker/CipherSuiteOrder.java
Passed: sun/security/ssl/ClientHandshaker/LengthCheckTest.java
Passed: sun/security/ssl/ClientHandshaker/RSAExport.java
Passed: sun/security/ssl/DHKeyExchange/DHEKeySizing.java
Passed: sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java
Passed: sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java
Passed: sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java
Passed: sun/security/ssl/GenSSLConfigs/main.java
Passed: sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java
Passed: sun/security/ssl/HandshakeOutStream/NullCerts.java
Passed: sun/security/ssl/InputRecord/ClientHelloRead.java
Passed: sun/security/ssl/InputRecord/SSLSocketTimeoutNulls.java
Passed: sun/security/ssl/internal/TestRun.sh
Passed: sun/security/ssl/ProtocolVersion/HttpsProtocols.java
Passed: sun/security/ssl/rsa/BrokenRSAPrivateCrtKey.java
Passed: sun/security/ssl/rsa/SignatureOffsets.java
Passed: sun/security/ssl/rsa/SignedObjectChain.java
Passed: sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java
Passed: sun/security/ssl/ServerHandshaker/GetPeerHost.java
Passed: sun/security/ssl/ServerHandshaker/HelloExtensionsTest.java
Passed: sun/security/ssl/SignatureScheme/CustomizedClientSchemes.java
Passed: sun/security/ssl/SignatureScheme/CustomizedServerSchemes.java
Passed: sun/security/ssl/SignatureScheme/Tls13NamedGroups.java
Passed: sun/security/ssl/SocketCreation/SocketCreation.java
Passed: sun/security/ssl/spi/ProviderInit.java
Passed: sun/security/ssl/SSLContextImpl/BadKSProvider.java
Passed: sun/security/ssl/SSLContextImpl/BadTSProvider.java
Passed: sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java
Passed: sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
Passed: sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java
Passed: sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java
Passed: sun/security/ssl/SSLContextImpl/GoodProvider.java
Passed: sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java
Passed: sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java
Passed: sun/security/ssl/SSLContextImpl/NoOldVersionContext.java
Passed: sun/security/ssl/SSLContextImpl/NullGetAcceptedIssuers.java
Passed: sun/security/ssl/SSLContextImpl/SSLContextDefault.java
Passed: sun/security/ssl/SSLContextImpl/SSLContextVersion.java
Passed: sun/security/ssl/SSLContextImpl/TrustTrustedCert.java
Passed: sun/security/ssl/SSLEngineImpl/CloseEngineException.java
Passed: sun/security/ssl/SSLEngineImpl/CloseStart.java
Passed: sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java
Passed: sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java
Passed: sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java
Passed: sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java
Passed: sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java
Passed: sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java
Passed: sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java
Passed: sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java
Passed: sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java
Passed: sun/security/ssl/SSLSessionContextImpl/DefautlCacheSize.java
Passed: sun/security/ssl/SSLSessionContextImpl/Timeout.java
Passed: sun/security/ssl/SSLSessionImpl/HashCodeMissing.java
Passed: sun/security/ssl/SSLSessionImpl/InvalidateSession.java
Passed: sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
Passed: sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java
Passed: sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java
Passed: sun/security/ssl/SSLSocketImpl/AsyncSSLSocketClose.java
Passed: sun/security/ssl/SSLSocketImpl/CheckMethods.java
Passed: sun/security/ssl/SSLSocketImpl/ClientModeClientAuth.java
Passed: sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java
Passed: sun/security/ssl/SSLSocketImpl/CloseSocket.java
Passed: sun/security/ssl/SSLSocketImpl/CloseSocketException.java
Passed: sun/security/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java
Passed: sun/security/ssl/SSLSocketImpl/LargePacketAfterHandshakeTest.java
Passed: sun/security/ssl/SSLSocketImpl/LoopbackSSLSocket.java
Passed: sun/security/ssl/SSLSocketImpl/NewSocketMethods.java
Passed: sun/security/ssl/SSLSocketImpl/NoImpactServerRenego.java
Passed: sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.sh
Passed: sun/security/ssl/SSLSocketImpl/RejectClientRenego.java
Passed: sun/security/ssl/SSLSocketImpl/ReuseAddr.java
Passed: sun/security/ssl/SSLSocketImpl/ReverseNameLookup.java
Passed: sun/security/ssl/SSLSocketImpl/ServerRenegoWithTwoVersions.java
Passed: sun/security/ssl/SSLSocketImpl/ServerTimeout.java
Passed: sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java
Passed: sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java
Passed: sun/security/ssl/SSLSocketImpl/SSLSocketClose.java
Passed: sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java
Passed: sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions.java
Passed: sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java
Error:  sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java
Passed: sun/security/ssl/SSLSocketImpl/SSLSocketReset.java
Passed: sun/security/ssl/SSLSocketImpl/SSLSocketShouldThrowSocketException.java
Passed: sun/security/ssl/SSLSocketImpl/UnconnectedSocketWrongExceptions.java
Passed: sun/security/ssl/Stapling/StatusResponseManager.sh
Passed: sun/security/ssl/X509KeyManager/CertificateAuthorities.java
Passed: sun/security/ssl/X509KeyManager/NullCases.java
FAILED: sun/security/ssl/X509KeyManager/PreferredKey.java
Passed: sun/security/ssl/X509KeyManager/SelectOneKeyOutOfMany.java
Passed: sun/security/ssl/X509TrustManagerImpl/distrust/Camerfirma.java
Passed: sun/security/ssl/X509TrustManagerImpl/distrust/Chunghwa.java
Passed: sun/security/ssl/X509TrustManagerImpl/distrust/Entrust.java
Passed: sun/security/ssl/X509TrustManagerImpl/distrust/Symantec.java
Passed: sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java
Passed: sun/security/ssl/X509TrustManagerImpl/CacertsLimit.java
Passed: sun/security/ssl/X509TrustManagerImpl/CertRequestOverflow.java
Passed: sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java
Passed: sun/security/ssl/X509TrustManagerImpl/ClientServer.java
Passed: sun/security/ssl/X509TrustManagerImpl/ComodoHacker.java
Passed: sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java
Passed: sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java
Passed: sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java
Passed: sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java
Passed: sun/security/ssl/X509TrustManagerImpl/X509ExtendedTMEnabled.java
Test results: passed: 264; failed: 2; error: 1

gnu-andrew · 2026-06-03T15:07:17Z

JDK-8239798: SSLSocket closes socket both socket endpoints on a SocketTimeoutException is not in 8u and this seems a fairly high-risk backport. Instead I've added relevant catch statements manually.

Can you elaborate on this? These look like two related patches which do the same thing with different exception types. I don't really see a case for saying the risk is fine to change the behaviour for SocketException (this change, 8259662), but not for InterruptedIOException (8239798). Also, of the two, this is the one with a CSR.

Both also appear to be regressions caused by importing the TLS v1.3 stack into 8u, so it would be a return to 8u's original behaviour at the time of GA, rather than new behaviour. There is an argument that it has now been so long that the current 8u behaviour is the expected behaviour, but again, that's an argument to not do both patches.

My current preference would be to do both. It looks like 8239798 was started and nearly integrated a long time ago. I didn't see any issues raised with the risk of it at that time.

gnu-andrew · 2026-06-03T15:10:17Z

sun/security/ssl/X509KeyManager/PreferredKey.java => fails in master too. Preexisting.

This could be JDK-8384815 which is currently open on PR for 11u. I'll take a look at the status of that one.

jerboaa · 2026-06-03T16:26:05Z

JDK-8239798: SSLSocket closes socket both socket endpoints on a SocketTimeoutException is not in 8u and this seems a fairly high-risk backport. Instead I've added relevant catch statements manually.

Can you elaborate on this? These look like two related patches which do the same thing with different exception types. I don't really see a case for saying the risk is fine to change the behaviour for SocketException (this change, 8259662), but not for InterruptedIOException (8239798). Also, of the two, this is the one with a CSR.

Yes, they both change certain exceptions being thrown/caught. However, the amount of product code change - unrelated to exception handling - in JDK-8239798 is significantly higher than this backport has.

Both also appear to be regressions caused by importing the TLS v1.3 stack into 8u, so it would be a return to 8u's original behaviour at the time of GA, rather than new behaviour. There is an argument that it has now been so long that the current 8u behaviour is the expected behaviour, but again, that's an argument to not do both patches.

My current preference would be to do both. It looks like 8239798 was started and nearly integrated a long time ago. I didn't see any issues raised with the risk of it at that time.

I can look into doing JDK-8239798 as well, but the amount of changes being done to get the wanted changes in is already large and fairly high risk in total (from where I'm standing). If you feel that we should do JDK-8239798 as well, then I'm fine with it.

jerboaa · 2026-06-03T17:44:16Z

I can look into doing JDK-8239798

See: #825

gnu-andrew · 2026-06-03T17:56:42Z

JDK-8239798: SSLSocket closes socket both socket endpoints on a SocketTimeoutException is not in 8u and this seems a fairly high-risk backport. Instead I've added relevant catch statements manually.

Can you elaborate on this? These look like two related patches which do the same thing with different exception types. I don't really see a case for saying the risk is fine to change the behaviour for SocketException (this change, 8259662), but not for InterruptedIOException (8239798). Also, of the two, this is the one with a CSR.

Yes, they both change certain exceptions being thrown/caught. However, the amount of product code change - unrelated to exception handling - in JDK-8239798 is significantly higher than this backport has.

Yes, I noticed that too, but I think most of it is someone decided it would be a good time to also refactor SSLSocketInputRecord.java. For example, there are blocks like this:

@@ -93,9 +89,9 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
              * Last sanity check that it's not a wild record
              */
             if (!ProtocolVersion.isNegotiable(
-                    temporary[1], temporary[2], false, false)) {
+                    header[1], header[2], false, false)) {
                 throw new SSLException("Unrecognized record version " +
-                        ProtocolVersion.nameOf(temporary[1], temporary[2]) +
+                        ProtocolVersion.nameOf(header[1], header[2]) +
                         " , plaintext connection?");
             }

that appear to exist only because the byte[] array was renamed from temporary to header.

On the positive side, it does bring the code closer to 11u+ but I would also be open to a backport that strips it down to what is needed. But determining that has its own risks.

Anyway, we can look at this on the PR you opened. Thanks for doing this.

Both also appear to be regressions caused by importing the TLS v1.3 stack into 8u, so it would be a return to 8u's original behaviour at the time of GA, rather than new behaviour. There is an argument that it has now been so long that the current 8u behaviour is the expected behaviour, but again, that's an argument to not do both patches.
My current preference would be to do both. It looks like 8239798 was started and nearly integrated a long time ago. I didn't see any issues raised with the risk of it at that time.

I can look into doing JDK-8239798 as well, but the amount of changes being done to get the wanted changes in is already large and fairly high risk in total (from where I'm standing). If you feel that we should do JDK-8239798 as well, then I'm fine with it.

I am swayed by both being in the Oracle 8u for a long time. On the other hand, I could also go with doing neither. I forgot to ask what this is required for in later backports, as that wasn't clear to me.

I am thinking it is overly ambitious to get this all in one release, especially at this late stage, so we should probably lay the foundations in July and do the rest in October.

jerboaa · 2026-06-03T18:03:40Z

I am thinking it is overly ambitious to get this all in one release, especially at this late stage, so we should probably lay the foundations in July and do the rest in October.

Right. That's what it's starting to look like. Anyway, I'll proceed with the backports and the PRs will be there. Please help review! Thanks. Even if it then ends up being pushed one release.

jerboaa · 2026-06-03T18:08:16Z

I am swayed by both being in the Oracle 8u for a long time. On the other hand, I could also go with doing neither. I forgot to ask what this is required for in later backports, as that wasn't clear to me.

It's the rename of jdk/test/sun/security/ssl/SSLSocketImpl/{SSLExceptionForIOIssue.java => SocketExceptionForSocketIssues.java} in prep of #813. This was a backport worth having anyway instead of dropping that code.

gnu-andrew · 2026-06-03T18:08:17Z

I am thinking it is overly ambitious to get this all in one release, especially at this late stage, so we should probably lay the foundations in July and do the rest in October.

Right. That's what it's starting to look like. Anyway, I'll proceed with the backports and the PRs will be there. Please help review! Thanks. Even if it then ends up being pushed one release.

Of course! I'd just feel more comfortable both in my own ability to effectively review them all and the amount of risk in introducing them if some were the other side of rampdown in 8u512.

openjdk · 2026-06-03T18:28:08Z

@jerboaa Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

jerboaa · 2026-06-03T18:34:32Z

Re-done on top of #825 now.

openjdk-notifier · 2026-06-08T08:36:29Z

The parent pull request that this pull request depends on has now been integrated and the target branch of this pull request has been updated. This means that changes from the dependent pull request can start to show up as belonging to this pull request, which may be confusing for reviewers. To remedy this situation, simply merge the latest changes from the new target branch into this pull request by running commands similar to these in the local repository for your personal fork:

git checkout 8259662-dont-wrap-socketexcpn-8u
git fetch https://git.openjdk.org/jdk8u-dev.git master
git merge FETCH_HEAD
# if there are conflicts, follow the instructions given by git merge
git commit -m "Merge master"
git push

8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl

openjdk · 2026-06-08T08:54:28Z

@jerboaa Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

jerboaa · 2026-06-08T09:33:16Z

Test results still (same as in the PR description):

Test results: passed: 265; failed: 2; error: 1

jerboaa · 2026-06-15T16:53:11Z

@gnu-andrew Could you please review! Thank you.

openjdk Bot changed the title ~~Backport 3aa7dcd2671ab596d1205ea2c78352eae2ce608a~~ 8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl May 22, 2026

openjdk Bot added backport Port of a pull request already in a different code base rfr Pull request is ready for review labels May 22, 2026

jerboaa changed the base branch from master to pr/804 May 27, 2026 10:05

openjdk-notifier Bot force-pushed the pr/804 branch from e415543 to 2314f6b Compare May 27, 2026 14:57

jerboaa force-pushed the 8259662-dont-wrap-socketexcpn-8u branch from 3c06053 to 0dc5b58 Compare May 27, 2026 15:28

openjdk-notifier Bot force-pushed the pr/804 branch from 2314f6b to 05f6511 Compare May 27, 2026 15:39

openjdk Bot mentioned this pull request May 27, 2026

8250839: Improve test template SSLEngineTemplate with SSLContextTemplate #809

Open

5 tasks

This was referenced May 28, 2026

8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message #810

Open

8284047: Harmonize/Standardize the SSLSocket/SSLEngine/SSLSocketSSLEngine test templates #813

Open

openjdk-notifier Bot force-pushed the pr/804 branch from 05f6511 to dd9154b Compare May 29, 2026 14:22

tabata-d mentioned this pull request Jun 2, 2026

8257588: Make os::_page_sizes a bitmask openjdk/jdk11u-dev#3160

Closed

5 tasks

openjdk-notifier Bot changed the base branch from pr/804 to master June 2, 2026 08:29

jerboaa force-pushed the 8259662-dont-wrap-socketexcpn-8u branch from 0dc5b58 to fbe874a Compare June 2, 2026 08:52

jerboaa mentioned this pull request Jun 3, 2026

8239798: SSLSocket closes socket both socket endpoints on a SocketTimeoutException #825

Closed

7 tasks

jerboaa force-pushed the 8259662-dont-wrap-socketexcpn-8u branch from fbe874a to ee90e96 Compare June 3, 2026 18:26

jerboaa changed the base branch from master to pr/825 June 3, 2026 18:26

openjdk-notifier Bot changed the base branch from pr/825 to master June 8, 2026 08:36

jerboaa added 2 commits June 8, 2026 10:42

Backport 3aa7dcd2671ab596d1205ea2c78352eae2ce608a

08ae6e4

8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl

Add missing import

689fa41

jerboaa force-pushed the 8259662-dont-wrap-socketexcpn-8u branch from ee90e96 to 689fa41 Compare June 8, 2026 08:54

Uh oh!

Conversation

jerboaa commented May 22, 2026 • edited by openjdk Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Progress

Issues

Reviewing

Uh oh!

bridgekeeper Bot commented May 22, 2026

Uh oh!

openjdk Bot commented May 22, 2026

Uh oh!

openjdk Bot commented May 22, 2026

Uh oh!

mlbridge Bot commented May 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Webrevs

Uh oh!

jerboaa commented May 27, 2026

Uh oh!

openjdk Bot commented May 27, 2026

Uh oh!

openjdk Bot commented May 27, 2026

Uh oh!

openjdk-notifier Bot commented Jun 2, 2026

Uh oh!

openjdk Bot commented Jun 2, 2026

Uh oh!

jerboaa commented Jun 2, 2026

Uh oh!

gnu-andrew commented Jun 3, 2026

Uh oh!

gnu-andrew commented Jun 3, 2026

Uh oh!

jerboaa commented Jun 3, 2026

Uh oh!

jerboaa commented Jun 3, 2026

Uh oh!

gnu-andrew commented Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

jerboaa commented Jun 3, 2026

Uh oh!

jerboaa commented Jun 3, 2026

Uh oh!

gnu-andrew commented Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openjdk Bot commented Jun 3, 2026

Uh oh!

jerboaa commented Jun 3, 2026

Uh oh!

openjdk-notifier Bot commented Jun 8, 2026

Uh oh!

openjdk Bot commented Jun 8, 2026

Uh oh!

jerboaa commented Jun 8, 2026

Uh oh!

jerboaa commented Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

jerboaa commented May 22, 2026 •

edited by openjdk Bot

Loading

mlbridge Bot commented May 22, 2026 •

edited

Loading

gnu-andrew commented Jun 3, 2026 •

edited

Loading

gnu-andrew commented Jun 3, 2026 •

edited

Loading