Re: RFR: (XS) 8162916:Test sun/security/krb5/auto/UnboundSSL.java fails

This is great. Change looks fine to me. Thanks Max On 8/18/2016 23:28, Seán Coffey wrote: Thanks for the tip Artem, Max. No need to modify the policy file then. Below is the new suggested patch for jdk8u-dev. JPRT results are good. diff --git a/test/sun/security/krb5/auto/UnboundSSL.java

Re: [9] RFR 8164398: Add test sun/security/krb5/auto/EmptyPassword.java to ProblemList

Looks fine to me. Xuelei On 8/19/2016 5:17 AM, Vincent Ryan wrote: Please approve this change to add a failing test to jdk/test/ProblemList.txt so we can investigate further. Thanks. diff --git a/test/ProblemList.txt b/test/ProblemList.txt --- a/test/ProblemList.txt +++

Re: [9] RFR 8078661: [SunPKCS11] Fails to cast into RSAPrivateCrtKey after RSA KeyPair Generation

I share your view on most things. It's just that the APIs are there before the PKCS11 provider is added. So, there are some history reason as to why things are as they are today. Re-structuring the public classes are almost impossible considering the compatibility impact. However, we can

Re: [9] RFR: 8164100: com/sun/crypto/provider/KeyFactory/TestProviderLeak.java fails with java.util.concurrent.TimeoutException

Changes look fine. Valerie On 8/17/2016 11:29 AM, Artem Smotrakov wrote: Hello, Please review the following patch for com/sun/crypto/provider/KeyFactory/TestProviderLeak.java test. This is a request to make the test take into account a test timeout factor. Timeout factor can be specified

[9] RFR 8164398: Add test sun/security/krb5/auto/EmptyPassword.java to ProblemList

Please approve this change to add a failing test to jdk/test/ProblemList.txt so we can investigate further. Thanks. diff --git a/test/ProblemList.txt b/test/ProblemList.txt --- a/test/ProblemList.txt +++ b/test/ProblemList.txt @@ -289,6 +289,8 @@

Re: [9] RFR 8078661: [SunPKCS11] Fails to cast into RSAPrivateCrtKey after RSA KeyPair Generation

Hi Mike, Thanks for the feedback and the detailed write up. The scenario here is complicated by the sensitive/non-extractable keys of PKCS#11 and the fact that java key and key specification classes assume all relevant values being available. Only when all relevant values are available, then

Re: RFR: 8061842: Package jurisdiction policy files as something other than JAR

On 08/17/2016 07:22 PM, Bradford Wetmore wrote: - src/java.base/share/conf/security/java.security 854 crypto.policy=policydir-tbd The policydir-tbd value is a little confusing in that it isn't a real value. What about just setting this to the empty string? It's a similar marker for the

Re: [8u-dev] Request for Approval: Backport of 8144566: Custom HostnameVerifier disables SNI extension

approved for push to 8u-dev Cheers, -Buck On 2016/08/18 16:51, Seán Coffey wrote: Changes look good Ramanand. Reviewed. Regards, Sean. On 18/08/2016 07:03, David Buck wrote: Hi Ramanand! As there are (minor) changes between the two change sets, you will need to get a code review of the

Re: [8u-dev] Request for Approval: Backport of 8144566: Custom HostnameVerifier disables SNI extension

Hi Ramanand! As there are (minor) changes between the two change sets, you will need to get a code review of the backported changes. I have included the security-dev alias in the CC list. Cheers, -Buck > On Aug 18, 2016, at 14:34, Ramanand Patil wrote: > > Hi, >

RE: [8u-dev] Request for Approval: Backport of 8144566: Custom HostnameVerifier disables SNI extension

Thank you Sean and David. Regards, Ramanand. -Original Message- From: david buck Sent: Thursday, August 18, 2016 1:26 PM To: Seán Coffey; Ramanand Patil Cc: jdk8u-dev; security-dev@openjdk.java.net Subject: Re: [8u-dev] Request for Approval: Backport of 8144566: Custom HostnameVerifier

Re: RFR: 9: 8164229: Redundant "sun/net/www/protocol/https" tests in jdk_security3 group

This was probably more important when the Security group had direct responsibility for the https code. Brad On 8/18/2016 12:51 AM, Chris Hegarty wrote: On 17 Aug 2016, at 19:52, Rajan Halade wrote: On 8/17/16 11:36 AM, Chris Hegarty wrote: On 17 Aug 2016, at

Re: RFR: (XS) 8162916:Test sun/security/krb5/auto/UnboundSSL.java fails

Hi Sean, The patch below looks fine to me, but I am not an official reviewer. Artem On 08/18/2016 08:28 AM, Seán Coffey wrote: Thanks for the tip Artem, Max. No need to modify the policy file then. Below is the new suggested patch for jdk8u-dev. JPRT results are good. diff --git

RSA Key Interfaces Was: Re: [9] RFR 8078661: [SunPKCS11] Fails to cast into RSAPrivateCrtKey after RSA KeyPair Generation

Hi - Looking at Valeries changes to the above made me take a closer look at the current definitions of the various RSA key interfaces. What would be the impact of the following changes?: Make RSAMultiPrimePrivateCrtKeySpec extend RSAPrivateCrtKeyKeySpec instead of RSAPrivateKeySpec.

Re: [9] RFR 8078661: [SunPKCS11] Fails to cast into RSAPrivateCrtKey after RSA KeyPair Generation

On 8/17/2016 11:36 PM, Valerie Peng wrote: Regression tests are still running, but thought that I will send the updated webrev out and see if there are more comments. Webrev is updated at: http://cr.openjdk.java.net/~valeriep/8078661/webrev.01/ Thanks, Valerie Hi Valerie - You know -

Re: RFR: (XS) 8162916:Test sun/security/krb5/auto/UnboundSSL.java fails

Thanks for the tip Artem, Max. No need to modify the policy file then. Below is the new suggested patch for jdk8u-dev. JPRT results are good. diff --git a/test/sun/security/krb5/auto/UnboundSSL.java b/test/sun/security/krb5/auto/UnboundSSL.java ---

Re: RFR: 8061842: Package jurisdiction policy files as something other than JAR

Hi Brad, nice to have this going in. Some comments. 1. Bug synopsis, can you edit it perhaps. "Introduce security property to control strong crypto" seems more descriptive. 2. Exception handling. Alot of your new exceptions don't include context. That makes debugging more difficult than

Re: RFR: 8163126 Wrong @modules in some of jdk/* tests

On 17/08/2016 17:40, Alexandre (Shura) Iline wrote: Thank you! Fixed in place: http://cr.openjdk.java.net/~shurailine/8163126/webrev.00/test/jdk/security/jarsigner/Spec.java.sdiff.html Shura The updated patch looks good to me. Slightly off-topic but how close do you think we are to

Re: RFR: 9: 8164229: Redundant "sun/net/www/protocol/https" tests in jdk_security3 group

> On 17 Aug 2016, at 19:52, Rajan Halade wrote: > > On 8/17/16 11:36 AM, Chris Hegarty wrote: > >> On 17 Aug 2016, at 18:54, Rajan Halade wrote: >>> sun/net/www/protocol/https tests are redundant in jdk_security3 group, >>> these are included

Re: RFR: 9: 8164229: Redundant "sun/net/www/protocol/https" tests in jdk_security3 group

> On 17 Aug 2016, at 19:52, Rajan Halade wrote: > > On 8/17/16 11:36 AM, Chris Hegarty wrote: > >> On 17 Aug 2016, at 18:54, Rajan Halade wrote: >>> sun/net/www/protocol/https tests are redundant in jdk_security3 group, >>> these are included

Re: [8u-dev] Request for Approval: Backport of 8144566: Custom HostnameVerifier disables SNI extension

Changes look good Ramanand. Reviewed. Regards, Sean. On 18/08/2016 07:03, David Buck wrote: Hi Ramanand! As there are (minor) changes between the two change sets, you will need to get a code review of the backported changes. I have included the security-dev alias in the CC list. Cheers,