Re: RFR: 8284893: Fix typos in java.base [v4]

On Tue, 19 Apr 2022 16:50:12 GMT, Magnus Ihse Bursie wrote: >> I ran `codespell` on the `src/java.base` directory, and accepted those >> changes where it indeed discovered real typos. >> >> (Due to false positives this can unfortunately not be run automatically) >> >> The majority of fixes

Re: RFR: 8186958: Need method to create pre-sized HashMap [v21]

On Thu, 14 Apr 2022 20:16:38 GMT, Sean Mullan wrote: >>> Are the changes necessary for this part? >> >> @seanjmullan no, they are just performance refinement. >> >> If you really that wanna 100% sync , >> >> I can use the old 1.8 api to migrate tha

Re: RFR: 8284893: Fix typos in java.base

On Thu, 14 Apr 2022 20:16:21 GMT, Bradford Wetmore wrote: >> I ran `codespell` on the `src/java.base` directory, and accepted those >> changes where it indeed discovered real typos. >> >> (Due to false positives this can unfortunately not be run automatically) >> >> The majority of fixes are

Re: RFR: 8186958: Need method to create pre-sized HashMap [v21]

On Thu, 14 Apr 2022 20:11:37 GMT, XenoAmess wrote: > > Are the changes necessary for this part? > > @seanjmullan no, they are just performance refinement. > > If you really that wanna 100% sync , > > I can use the old 1.8 api to migrate that part, and make a mirror pr to that > part of

Re: RFR: 8186958: Need method to create pre-sized HashMap [v21]

On Thu, 14 Apr 2022 18:10:28 GMT, XenoAmess wrote: >> 8186958: Need method to create pre-sized HashMap > > XenoAmess has updated the pull request incrementally with one additional > commit since the last revision: > > add `@LastModified: Apr 2022` to DocumentCache Right, we generally try to

Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default [v6]

On Tue, 15 Mar 2022 16:00:41 GMT, Michael McMahon wrote: >> Hi, >> >> Could I get the following change reviewed please, which is to disable the >> MD5 message digest algorithm by default in the HTTP Digest authentication >> mechanism? The algorithm can be opted into by setting a new system

Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default [v2]

On Thu, 10 Mar 2022 16:43:23 GMT, Michael McMahon wrote: >> src/java.base/share/conf/security/java.security line 711: >> >>> 709: # separated list of algorithms to be allowed. >>> 710: # >>> 711: jdk.httpdigest.defaultDisabledAlgorithms = MD5, MD-5, SHA1, SHA-1 >> >> I haven't seen people

Re: RFR: 8280494: (D)TLS signature schemes [v20]

On Wed, 9 Mar 2022 08:25:48 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280494: (D)TLS signature schemes [v19]

On Sun, 6 Mar 2022 05:40:59 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default

On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote: > Hi, > > Could I get the following change reviewed please, which is to disable the MD5 > message digest algorithm by default in the HTTP Digest authentication > mechanism? The algorithm can be opted into by setting a new system property

Re: RFR: 8280494: (D)TLS signature schemes [v18]

On Thu, 17 Feb 2022 18:57:02 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280494: (D)TLS signature schemes [v15]

On Wed, 9 Feb 2022 18:24:56 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280494: (D)TLS signature schemes [v13]

On Tue, 8 Feb 2022 23:36:05 GMT, Xue-Lei Andrew Fan wrote: >> Ok, I get it now, the API wins if both are set. But I could not discern that >> from the current text. I think it is ok to be more clear about this. I >> suggest adding something like the following: >> >> "The set of signature

Re: RFR: 8280494: (D)TLS signature schemes [v13]

On Mon, 7 Feb 2022 23:13:13 GMT, Xue-Lei Andrew Fan wrote: >>> "If set, these properties will override the signature schemes returned by >>> this method." >> >> If I understand your ideas correctly, the behavior should be "the returned >> value of this method will override these properties",

Re: RFR: 8280494: (D)TLS signature schemes [v13]

On Mon, 7 Feb 2022 22:00:21 GMT, Xue-Lei Andrew Fan wrote: >> src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 744: >> >>> 742: * the {@systemProperty jdk.tls.client.SignatureSchemes} and/or >>> 743: * {@systemProperty jdk.tls.server.SignatureSchemes} system >>>

Re: RFR: 8280494: (D)TLS signature schemes [v13]

On Fri, 4 Feb 2022 20:58:46 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280494: (D)TLS signature schemes [v9]

On Wed, 2 Feb 2022 19:12:56 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280494: (D)TLS signature schemes [v9]

On Wed, 2 Feb 2022 22:41:56 GMT, Xue-Lei Andrew Fan wrote: > > On a related issue, have you given any thought as to what the behavior > > should be if a 3rd-party JSSE provider is not updated to support these new > > methods? I don't know of a good way to address that since the API is not > >

Re: RFR: 8280494: (D)TLS signature schemes [v9]

On Wed, 2 Feb 2022 19:12:56 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280494: (D)TLS signature schemes [v9]

On Wed, 2 Feb 2022 19:12:56 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280494: (D)TLS signature schemes [v2]

On Tue, 1 Feb 2022 06:42:30 GMT, Xue-Lei Andrew Fan wrote: >> Ok. You should specify what the default value of the signature schemes >> parameter is for this constructor as it does for the other parameters. > > Good catch. Updated. Looks good. - PR:

Re: RFR: 8280494: (D)TLS signature schemes [v8]

On Tue, 1 Feb 2022 06:47:00 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280494: (D)TLS signature schemes [v2]

On Sat, 29 Jan 2022 05:26:33 GMT, Xue-Lei Andrew Fan wrote: >> src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 94: >> >>> 92: >>> 93: /** >>> 94: * Constructs SSLParameters. >> >> Would it be useful to add another ctor that takes a signature schemes array >>

Re: RFR: 8280494: (D)TLS signature schemes [v7]

On Mon, 31 Jan 2022 20:24:47 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280949: Correct the references for the Java Security Standard Algorithm Names specification [v2]

On Mon, 31 Jan 2022 19:19:28 GMT, Xue-Lei Andrew Fan wrote: > > Please capitalize "specification" (i.e. "Specification") to be consistent > > with other references in the javadoc. Looks good otherwise. > > OK. Just curious, why we want to use capitalized "specification"? This word >

Re: RFR: 8280494: (D)TLS signature schemes [v2]

On Fri, 28 Jan 2022 15:17:28 GMT, Sean Mullan wrote: >> Xue-Lei Andrew Fan has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Copyright correction > > src/java.base/share/classes/javax/net/ssl/SSLParam

Re: RFR: 8280494: (D)TLS signature schemes [v2]

On Fri, 28 Jan 2022 07:21:56 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE:

Re: RFR: 8280363: Minor correction of ALPN specification in SSLParameters [v2]

On Thu, 20 Jan 2022 14:46:28 GMT, Xue-Lei Andrew Fan wrote: >> In the getApplicationProtocols() method in javax.net.ssl.SSLParameters, the >> return statement says that "The array is ordered based on protocol >> preference, with protocols[0] being the most preferred.". However, there is >> no

Re: RFR: 8280363: Minor correction of ALPN specification in SSLParameters

On Thu, 20 Jan 2022 07:12:42 GMT, Xue-Lei Andrew Fan wrote: > In the getApplicationProtocols() method in javax.net.ssl.SSLParameters, the > return statement says that "The array is ordered based on protocol > preference, with protocols[0] being the most preferred.". However, there is > no

Re: RFR: 8274809: Update java.base classes to use try-with-resources

On Tue, 5 Oct 2021 09:36:23 GMT, Andrey Turbanov wrote: > 8274809: Update java.base classes to use try-with-resources The security related files look fine. - Marked as reviewed by mullan (Reviewer). PR: https://git.openjdk.java.net/jdk/pull/5818

Re: RFR: 8274835: Remove unnecessary castings in java.base

On Thu, 9 Sep 2021 20:12:47 GMT, Andrey Turbanov wrote: > Redundant castings make code harder to read. > Found them by IntelliJ IDEA. > I tried to select only casts which are definitely safe to remove. Also didn't > touch primitive types casts. The security related files look fine.

Re: RFR: 8273261: Replace 'while' cycles with iterator with enhanced-for in java.base

On Wed, 1 Sep 2021 07:37:53 GMT, Andrey Turbanov wrote: > There are few places in code where manual while loop is used with Iterator to > iterate over Collection. > Instead of manual while cycles it's preferred to use enhanced-for cycle > instead: it's less verbose, makes code easier to read

Re: RFR: 8266459: Implement JEP 411: Deprecate the Security Manager for Removal [v3]

On Fri, 21 May 2021 15:27:39 GMT, Daniel Fuchs wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> fixing awt/datatransfer/DataFlavor/DataFlavorRemoteTest.java > >

Re: RFR: 8267184: JEP 411: Add -Djava.security.manager=allow to tests calling System.setSecurityManager [v2]

On Tue, 18 May 2021 21:44:43 GMT, Weijun Wang wrote: >> Please review the test changes for [JEP >> 411](https://openjdk.java.net/jeps/411). >> >> With JEP 411 and the default value of `-Djava.security.manager` becoming >> `disallow`, tests calling `System.setSecurityManager()` need >>

Re: RFR: 8266459: Implement JEP 411: Deprecate the Security Manager for Removal

On Tue, 18 May 2021 15:19:21 GMT, Alan Bateman wrote: >> It includes both: >>  > > Thanks for checking, I assumed that was the case so wondering if it

Re: RFR: 8266459: Implement JEP 411: Deprecate the Security Manager for Removal

On Tue, 18 May 2021 06:31:06 GMT, Alan Bateman wrote: >> Please review this implementation of [JEP >> 411](https://openjdk.java.net/jeps/411). >> >> The code change is divided into 3 commits. Please review them one by one. >> >> 1. >>

Re: RFR: 8080272 Refactor I/O stream copying to use InputStream.transferTo/readAllBytes and Files.copy [v11]

On Fri, 19 Feb 2021 08:05:06 GMT, Andrey Turbanov wrote: >> src/java.base/share/classes/sun/security/provider/certpath/X509CertPath.java >> line 228: >> >>> 226: try { >>> 227: if (is.markSupported() == false) { >>> 228: // Copy the entire input stream into

Re: RFR: 8080272 Refactor I/O stream copying to use InputStream.transferTo/readAllBytes and Files.copy [v11]

On Mon, 15 Feb 2021 19:47:00 GMT, Andrey Turbanov wrote: >> 8080272 Refactor I/O stream copying to use >> InputStream.transferTo/readAllBytes and Files.copy > > Andrey Turbanov has updated the pull request incrementally with one > additional commit since the last revision: > > 8080272:

Re: RFR: 8260520: Avoid getting permissions in JarFileFactory when no SecurityManager installed [v2]

On Wed, 27 Jan 2021 18:59:00 GMT, Claes Redestad wrote: >> 8260520: Avoid getting permissions in JarFileFactory when no SecurityManager >> installed > > Claes Redestad has updated the pull request incrementally with two additional > commits since the last revision: > > - Copyrights > - Same

Re: RFR: 8260520: Avoid getting permissions in JarFileFactory when no SecurityManager installed

On Wed, 27 Jan 2021 15:10:16 GMT, Michael McMahon wrote: >> 8260520: Avoid getting permissions in JarFileFactory when no SecurityManager >> installed > > Marked as reviewed by michaelm (Reviewer). Will you make the same change to

Re: RFR: 8250564: Remove terminally deprecated constructor in GSSUtil

On Tue, 5 Jan 2021 21:02:21 GMT, Joe Darcy wrote: > Back in JDK 16, two unintended default constructors were identified and > deprecated for removal. The time has come to remove them. > > Please also review the corresponding CSRs: > > JDK-8258521 Remove terminally deprecated constructor in

Integrated: 8202343: Disable TLS 1.0 and 1.1

On Mon, 16 Nov 2020 20:18:16 GMT, Sean Mullan wrote: > This change disables the TLSv1 and TLSv1.1 protocols by adding them to the > jdk.tls.disabledAlgorithms security property in the java.security file. These > protocols use weak algorithms and are being deprecated by the IETF. They

Re: RFR: 8202343: Disable TLS 1.0 and 1.1 [v2]

On Wed, 18 Nov 2020 15:45:02 GMT, Sean Coffey wrote: >> Sean Mullan has updated the pull request incrementally with one additional >> commit since the last revision: >> >> More test changes. > > test/lib/jdk/test/lib/security/SecurityUtils.java line 64:

Re: RFR: 8202343: Disable TLS 1.0 and 1.1 [v2]

a > new test specifically for this issue: > test/jdk/sun/security/ssl/SSLContextImpl/SSLContextDefault.java Sean Mullan has updated the pull request incrementally with one additional commit since the last revision: More test changes. - Changes: - all: https://git.openjdk.jav

Re: Fix for Javadoc errors in java.base

On 8/13/20 1:21 PM, Jonathan Gibbons wrote: --- old/src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java 2020-07-25 23:46:21.233726447 +0530 +++ new/src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java 2020-07-25 23:46:20.721720857 +0530 @@ -96,8 +96,6 @@

Re: Fix for Javadoc errors in java.base

On 8/13/20 11:05 AM, Julia Boes wrote: Hi Vipin, Thanks for providing this fix, I'm happy to sponsor your change. To complete the review, we still need someone to green light the remaining changes below. I'm looping in net-dev and security-dev to have a look. Bug:

Re: Browser's accepting certificates that Java does not

Also, in case you did not know, the JDK "PKIX" CertPathBuilder implementation (which is also the default used by the JSSE TrustManager) supports retrieving certificates via the AIA extension, but it is disabled by default. To enable it, set the "com.sun.security.enableAIAcaIssuers" system

Re: 8248865: Document JNDI/LDAP timeout properties

- and I would beg to tackle that in a followup issue if you don't mind. Ok. --Sean best regards, -- daniel On 07/07/2020 13:12, Sean Mullan wrote: You should document what the behavior is if an invalid string value is set (ex: not an integer). --Sean

Re: 8248865: Document JNDI/LDAP timeout properties

You should document what the behavior is if an invalid string value is set (ex: not an integer). --Sean On 7/7/20 7:11 AM, Aleks Efimov wrote: Hi Daniel, Thanks for documenting the system properties. It looks good to me. NIT: You might want to update the copyright's last modification year

Re: Need sponsor to fix Javadoc warnings

The security changes look fine to me. --Sean On 4/8/20 7:50 AM, Pavel Rappo wrote: Vipin, here you go: https://bugs.openjdk.java.net/browse/JDK-8242366 http://cr.openjdk.java.net/~prappo/8242366/webrev.00/ I took the liberty of additionally fixing a couple of parameters' names, a

Re: RFR JDK-8239595/JDK-8239594 : ssl context version is not respected/jdk.tls.client.protocols is not respected

I think you should mark one of the two bugs a duplicate. Typically I mark the more recent one as a duplicate, unless there is a good reason to do otherwise. --Sean On 3/26/20 12:28 PM, Sean Mullan wrote: Cross-posting to security-dev as this involves TLS/SSL configuration. --Sean On 3/26

Re: RFR JDK-8239595/JDK-8239594 : ssl context version is not respected/jdk.tls.client.protocols is not respected

Cross-posting to security-dev as this involves TLS/SSL configuration. --Sean On 3/26/20 10:02 AM, rahul.r.ya...@oracle.com wrote: Hello, Request to have my fix reviewed for issues:     JDK-8239595 : ssl context version is not respected     JDK-8239594 : jdk.tls.client.protocols is not

Re: Reading from a closed socket: different behavior between Linux and other operating systems

Cross-posting to security-dev as SSL is involved. --Sean On 12/29/19 4:01 PM, Dawid Weiss wrote: Hello, I am a committer to the Apache Lucene project. We have been looking into a problem in which SSL connections were handled differently in tests on different operating systems and narrowed it

Re: RFR (XS) 8230415 : Avoid redundant permission checking in FilePermissionCollection and SocketPermissionCollection

Hi Ivan, The fix looks good. Good catch. --Sean On 8/30/19 7:32 PM, Ivan Gerasimov wrote: Hello! In the two implementations of PermissionCollection.implies(Permission), all the permissions are traversed, and their corresponding bit mask are checked. For example, here's a snippet from

Re: [ipv6]: 8224081: SOCKS v4 doesn't work with IPv6

On 5/24/19 4:56 PM, Sean Mullan wrote: On 5/23/19 8:14 PM, Arthur Eubanks wrote: Ping on a review from security-dev. On Fri, May 17, 2019 at 9:53 AM Chris Hegarty mailto:chris.hega...@oracle.com>> wrote:     Arthur,     On 17 May 2019, at 17:50, Arthur Eubanks mailto:aeuba...@goog

Re: [ipv6]: 8224081: SOCKS v4 doesn't work with IPv6

On 5/23/19 8:14 PM, Arthur Eubanks wrote: Ping on a review from security-dev. On Fri, May 17, 2019 at 9:53 AM Chris Hegarty > wrote: Arthur, On 17 May 2019, at 17:50, Arthur Eubanks mailto:aeuba...@google.com>> wrote: Looks good.

Re: [RFR] 8224635: Revert 8224256 and add back java/security/SecureClassLoader/DefineClass.java test

Looks fine although you should update the 8224635 title to match the changeset. Also, I assume you will file a followon bug for the original issue (JDK-8224256). I think a new bug must be filed instead of re-opening 8224256 because a changeset has already been pushed for it. --Sean On

Re: [ipv6] RFR: 8224256: test/jdk/java/security/SecureClassLoader/DefineClass.java hardcodes 127.0.0.1

On 5/22/19 3:33 PM, Arthur Eubanks wrote: On Wed, May 22, 2019 at 12:12 PM Sean Mullan <mailto:sean.mul...@oracle.com>> wrote: On 5/22/19 1:28 PM, Arthur Eubanks wrote: > On Wed, May 22, 2019 at 7:13 AM Daniel Fuchs mailto:daniel.fu...@oracle.com> >

Re: [ipv6] RFR: 8224256: test/jdk/java/security/SecureClassLoader/DefineClass.java hardcodes 127.0.0.1

On 5/22/19 1:28 PM, Arthur Eubanks wrote: On Wed, May 22, 2019 at 7:13 AM Daniel Fuchs > wrote: Hi Arthur,    18 // For IPSupport    19 grant {    20     permission java.net.SocketPermission "localhost:0", "listen,resolve";    21     

Re: RFR [13] 8220719: Allow other named NetPermissions to be used

Looks good to me. --Sean On 3/15/19 10:30 AM, Chris Hegarty wrote: This is a review request to resolve an asymmetry that I noticed when investigating another issue. The NetPermission specification should be relaxed a little to allow for other target names to be used, similar to 8077055.

Re: Disable TLS 1.3 backward compatibility mode?

-bcc net-dev Copying security-dev as TLS 1.3 topics are more appropriate for that mailing list. --Sean On 3/10/19 3:24 PM, ra...@web.de wrote: Dear, the Java TLS 1.3 implementation supports middlebox compatibility (e.g. sends a non-empty session id and a ChangeCipherSpec message). Out of

Re: RFR [13] JDK-8215430: Remove the internal package com.sun.net.ssl

AbstractDelegateHttpsURLConnection updated):     http://cr.openjdk.java.net/~xuelei/8215430/webrev.01/ Thanks, Xuelei On 2/25/2019 1:55 PM, Sean Mullan wrote: (I'd suggest cross-posting to net-dev since some classes in the networking area are also changed). - AbstractDelegateHttpsURLConnection It might be less risky

Re: RFR 8217657: Move the test for default value of jdk.includeInExceptions into own test

I don't think you really need to run the test with the othervm flag, unless you are concerned other tests may be setting this property and (incorrectly) not running in a separate VM, which would be a bug in my opinion. Well, then maybe you should run it in othervm just in case. Otherwise,

Re: A new proposal to add methods to HttpsURLConnection to access SSLSession

://cr.openjdk.java.net/~xuelei/8212261/webrev.05/ Looks good. --Sean Thanks, Xuelei On 11/8/2018 7:03 AM, Sean Mullan wrote: On 11/7/18 7:22 PM, Xuelei Fan wrote: On 11/7/2018 1:30 PM, Sean Mullan wrote:    https://bugs.openjdk.java.net/browse/JDK-8213161    http://cr.openjdk.java.net/~xuelei

Re: A new proposal to add methods to HttpsURLConnection to access SSLSession

On 11/7/18 7:22 PM, Xuelei Fan wrote: On 11/7/2018 1:30 PM, Sean Mullan wrote:    https://bugs.openjdk.java.net/browse/JDK-8213161    http://cr.openjdk.java.net/~xuelei/8212261/webrev.03/ I didn't see a test for SecureCacheResponse - is it possible? JDK does not have the reference

Re: A new proposal to add methods to HttpsURLConnection to access SSLSession

lei@oracle.com>> wrote: On 11/1/2018 11:24 AM, Sean Mullan wrote: On 10/31/18 11:52 AM, Chris Hegarty wrote: Xuelei, On 30/10/18 20:55, Xuelei Fan wrote: Hi, For the current HttpsURLConnection, there is not much security parameters exposed in the public APIs.  An application

Re: A new proposal to add methods to HttpsURLConnection to access SSLSession

On 10/31/18 11:52 AM, Chris Hegarty wrote: Xuelei, On 30/10/18 20:55, Xuelei Fan wrote: Hi, For the current HttpsURLConnection, there is not much security parameters exposed in the public APIs.  An application may need richer information for the underlying TLS connections, for example the

Re: HttpURLConnection throws SunCertPathBuilderException in jdk11

ttach files there, but program example is short and can be easily run by anyone. Andrey Turbanov. 2018-06-15 16:58 GMT+03:00 Sean Mullan <mailto:sean.mul...@oracle.com>>: The 2nd (good) logfile looks like it is from a completely different program - are you sure you are using

Re: java.net.Socket should report the attempted address and port

Hi Michael, I agree with Alan and Peter that the name should more clearly identify the security implications of setting it. Alternatively, if you think you may build on this you might want to add support for a multi-valued property, like jdk.net.includeInExceptions=hostInfo,... --Sean On

Re: HttpURLConnection throws SunCertPathBuilderException in jdk11

Турбанов wrote: 2 log files attached. Андрей Турбанов 2018-06-12 15:40 GMT+03:00 Sean Mullan <mailto:sean.mul...@oracle.com>>: Please add -Djava.security.debug=certpath to the java command line and attach the log file. Preferably, attach 2 log files, one for a good run and one

Re: HttpURLConnection throws SunCertPathBuilderException in jdk11

Please add -Djava.security.debug=certpath to the java command line and attach the log file. Preferably, attach 2 log files, one for a good run and one for a bad run. This should help show what the problem is. --Sean On 6/11/18 7:59 PM, Андрей Турбанов wrote: Hello. I tried to use early jdk11

Re: Request for review: 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension

SSLParameters.java 649 applicationProtocols = protocols.clone(); You should clone the parameters before checking if they are valid. Move this to line 642, and check the validity of the cloned array. Also, use a temporary variable for the clone, so as not to pollute the

Re: [9] RFR: 8074531: Remove javax.security.cert.X509Certificate usage in internal networking packages

Hi Jason, * HttpsURLConnection.java, HttpsURLConnectionOldImpl.java This looks fine but as a next-step, we may be able to completely remove these classes, which have been deprecated for a long time and are implementation-specific. Can you check with Brad/Xuelei and open a separate issue to

hg: jdk8/tl/jdk: 8031825: OCSP client can't find responder cert if it uses a different subject key id algorithm than responderID

Changeset: 57c26829deb6 Author:mullan Date: 2014-01-22 19:06 -0500 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/57c26829deb6 8031825: OCSP client can't find responder cert if it uses a different subject key id algorithm than responderID Reviewed-by: vinnie, xuelei !

hg: jdk8/tl/jdk: 2 new changesets

Changeset: aef6c726810e Author:mullan Date: 2013-12-23 14:03 -0500 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/aef6c726810e 8030813: Signed applet fails to load when CRLs are stored in an LDAP directory Summary: Skip JNDI application resource lookup to avoid recursive JAR

Re: RFR(L) - 2nd round: 8024854: Basic changes and files to build the class library on AIX

comments (20 Sept [4]) - Steffan Larsen (svc): APPROVED (20 Sept [5]) - Phil Race (2d): Initial comments (18 Sept [6]); Additional comments (15 Oct [7]) - Sean Mullan (sec): Initial comments (26 Sept [8]) [2]: http://mail.openjdk.java.net/pipermail/ppc-aix-port-dev/2013-September/001045.html [3

hg: jdk8/tl/jdk: 3 new changesets

Changeset: 5f4aecd73caa Author:mullan Date: 2013-10-22 08:03 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5f4aecd73caa 8021191: Add isAuthorized check to limited doPrivileged methods Reviewed-by: weijun, xuelei ! src/share/classes/java/security/AccessControlContext.java !

hg: jdk8/tl/jdk: 2 new changesets

Changeset: fc7a6fa3589a Author:ascarpino Date: 2013-10-22 19:37 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fc7a6fa3589a 8025763: Provider does not override new Hashtable methods Reviewed-by: mullan ! src/share/classes/java/security/Provider.java Changeset: b065de1700d3

hg: jdk8/tl/jdk: 3 new changesets

Changeset: 5d866df64ae3 Author:mullan Date: 2013-10-17 10:18 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5d866df64ae3 8026346: test/java/lang/SecurityManager/CheckPackageAccess.java failing Reviewed-by: vinnie ! src/share/lib/security/java.security-macosx !

hg: jdk8/tl/jdk: 2 new changesets

Changeset: 4ad76262bac8 Author:mullan Date: 2013-10-11 08:43 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4ad76262bac8 8007292: Add JavaFX internal packages to package.access Summary: build hooks to allow closed restricted packages to be added to java.security file

hg: jdk8/tl/jdk: 2 new changesets

Changeset: 0aba8b6232af Author:mullan Date: 2013-09-06 12:04 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0aba8b6232af 8023362: Don't allow soft-fail behavior if OCSP responder returns unauthorized Reviewed-by: vinnie, xuelei !

hg: jdk8/tl/jdk: 8023769: JDK-8016850 broke the old build

Changeset: 134283a88499 Author:mullan Date: 2013-08-27 10:46 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/134283a88499 8023769: JDK-8016850 broke the old build Summary: remove files that were moved/removed from com/sun/security/auth/FILES_java.gmk Reviewed-by: chegar,

hg: jdk8/tl/jdk: 2 new changesets

Changeset: 6a1bfcde4d4d Author:mullan Date: 2013-08-27 12:04 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6a1bfcde4d4d 8019830: Add com.sun.media.sound to the list of restricted package Reviewed-by: vinnie ! src/share/lib/security/java.security-linux !

hg: jdk8/tl/jdk: 2 new changesets

Changeset: bce5205dbe84 Author:ascarpino Date: 2013-08-14 10:50 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/bce5205dbe84 8022669: OAEPParameterSpec does not work if MGF1ParameterSpec is set to SHA2 algorithms Reviewed-by: mullan !

hg: jdk8/tl/jdk: 8016850: JCK javax.security.auth.Policy tests fail when run in Profiles mode

Changeset: f120e2c4b4b1 Author:mullan Date: 2013-08-19 17:17 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f120e2c4b4b1 8016850: JCK javax.security.auth.Policy tests fail when run in Profiles mode Summary: Move default javax.security.auth.Policy implementation to compact1

hg: jdk8/tl/jdk: 2 new changesets

Changeset: 1f4af3e0447e Author:mullan Date: 2013-08-06 08:31 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1f4af3e0447e 8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods fails Summary: TransformService.init and marshalParams must throw

hg: jdk8/tl/jdk: 3 new changesets

Changeset: 42b786f2fb99 Author:mullan Date: 2013-08-02 08:30 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/42b786f2fb99 8001319: Add SecurityPermission insertProvider target name Reviewed-by: vinnie ! src/share/classes/java/security/Security.java !

hg: jdk8/tl/jdk: 2 new changesets

Changeset: a834ab2c1354 Author:mullan Date: 2013-07-25 10:58 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a834ab2c1354 8010748: Add PKIXRevocationChecker NO_FALLBACK option and improve SOFT_FAIL option Reviewed-by: vinnie !

hg: jdk8/tl/jdk: 2 new changesets

Changeset: 1744a32d3db3 Author:mullan Date: 2013-07-25 20:12 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1744a32d3db3 8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo Reviewed-by: xuelei !

hg: jdk8/tl/jdk: 2 new changesets

Changeset: 028ef97797c1 Author:mullan Date: 2013-07-05 15:54 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/028ef97797c1 8011547: Update XML Signature implementation to Apache Santuario 1.5.4 Reviewed-by: xuelei !

hg: jdk8/tl/jdk: 8014307: Memory leak ... security/jgss/wrapper/GSSLibStub.c

Changeset: f695f447f6b7 Author:jzavgren Date: 2013-06-14 09:13 -0400 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f695f447f6b7 8014307: Memory leak ... security/jgss/wrapper/GSSLibStub.c Summary: I modified the native procedure:

Re: RFR: 8012261: update policytool to support java.net.HttpURLPermission

Looks fine to me. --Sean On 05/16/2013 10:17 PM, Weijun Wang wrote: Hi All Please take a look at http://cr.openjdk.java.net/~weijun/8012261/webrev.00/ which supports the new HttpURLPermission type introduced in 8010464: Evolve java networking same origin policy

Re: 8008662: Add @jdk.Supported to JDK-specific/supported API

The security related ones look ok to me. --Sean On 02/21/2013 01:46 PM, Alan Bateman wrote: Joe Darcy recently added @jdk.Supported [1] to make it possible to identify JDK-specific APIs. I'd like to add this to a number of APIs in the com.sun namespace to make it obvious these are supported.

hg: jdk8/tl/jdk: 8008107: [parfait] Use after free of pointer in jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c

Changeset: 267bca6af07e Author:jzavgren Date: 2013-02-19 15:31 -0500 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/267bca6af07e 8008107: [parfait] Use after free of pointer in jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c Reviewed-by: mullan, chegar !

hg: jdk8/tl/jdk: 8006813: Compilation error in PKCS12KeyStore.java

Changeset: 89f37f7188df Author:mullan Date: 2013-01-23 20:46 -0500 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/89f37f7188df 8006813: Compilation error in PKCS12KeyStore.java Reviewed-by: valeriep ! src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java

hg: jdk8/tl/jdk: 8005389: Backout fix for JDK-6500133

Changeset: c7d54f93d3e5 Author:juh Date: 2013-01-16 09:51 -0500 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c7d54f93d3e5 8005389: Backout fix for JDK-6500133 Reviewed-by: mullan ! src/share/classes/sun/security/x509/URIName.java ! test/sun/security/x509/URIName/Parse.java

hg: jdk8/tl/jdk: 8005939: sun/security/x509/{X509CRLImplX509CertImpl}/Verify.java fail in confusing way when some providers not present

Changeset: f7f77bdf248b Author:juh Date: 2013-01-16 13:35 -0500 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f7f77bdf248b 8005939: sun/security/x509/{X509CRLImplX509CertImpl}/Verify.java fail in confusing way when some providers not present Reviewed-by: mullan, weijun !

hg: jdk8/tl/jdk: 3 new changesets

Changeset: 86828e84654f Author:mullan Date: 2013-01-08 19:00 -0500 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/86828e84654f 7019834: Eliminate dependency from PolicyFile to com.sun.security.auth.PrincipalComparator Summary: Add new java.security.Principal.implies method

hg: jdk8/tl/jdk: 2 new changesets

Changeset: 4d28776d7007 Author:mullan Date: 2012-12-26 10:07 -0500 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4d28776d7007 8005117: Eliminate dependency from ConfigSpiFile to com.sun.security.auth.login.ConfigFile Reviewed-by: alanb, mchung, weijun !

hg: jdk8/tl/jdk: 2 new changesets

Changeset: c97618a3c8c2 Author:juh Date: 2012-12-13 09:35 -0500 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c97618a3c8c2 7193792: sun/security/pkcs11/ec/TestECDSA.java failing intermittently Reviewed-by: vinnie, wetmore ! test/ProblemList.txt !

  1   2   >