Looks good to me.
Thanks,
--Jamil
On 9/11/2018 7:22 PM, Xuelei Fan wrote:
Hi Jamil,
Would you please review the fix for the NPE issue:
http://cr.openjdk.java.net/~xuelei/8209916/webrev.00/
The issue may happen if the client supports a SunJSSE provider known
but not supported named group.
Yes I will take a look at this tonight.
--Jamil
Original message From: Xuelei Fan
Date: 9/11/18 7:22 PM (GMT-08:00) To: security-dev@openjdk.java.net, Jamil
Nimeh Subject: Code Review Request, JDK-8209916 :
NPE in SupportedGroupsExtension
Hi Jamil,
Would you please revie
Hi Jamil,
Would you please review the fix for the NPE issue:
http://cr.openjdk.java.net/~xuelei/8209916/webrev.00/
The issue may happen if the client supports a SunJSSE provider known but
not supported named group.
Thanks,
Xuelei
Hi, Martin,
I am ok with your option#1.
Note that your test fails at different places of the code, so you will
need to check and skip test execution before those exception are thrown.
Valerie
On 9/11/2018 7:54 AM, Martin Balao wrote:
Hi Valerie,
On Fri, Aug 31, 2018 at 9:16 PM, Valerie Peng
On 9/11/18 12:34 PM, Alan Bateman wrote:
What are the implications for uses of javax.tools and
com.sun.tools.javac.Main in code running with a security manager?
Maybe that is a separate project but I would have expected to see
privileged blocks in places that need permissions.
The intent wa
On 09/11/2018 12:53 PM, Sean Mullan wrote:
I have looked over the changes and they look reasonable, though I am
not very familiar with this code.
I was wondering, when running with the PermissiveTestSecurityManager
did you also have to enable security debugging (ex:
java.security.debug=acc
I have looked over the changes and they look reasonable, though I am not
very familiar with this code.
I was wondering, when running with the PermissiveTestSecurityManager did
you also have to enable security debugging (ex:
java.security.debug=access) so that you log the permissions that were
Hi Paul,
Thank you for bringing this issue to our attention. While we agree that
this does indeed seem like an issue that should be addressed, it is
quite late in the JDK 11 schedule, and it does not appear to be a new
issue introduced in JDK 11. We will be investigating this offline and
will
Alan,
Thanks for all the feedback. I'll add the extra test case you suggest.
-- Jon
On 09/11/2018 12:34 PM, Alan Bateman wrote:
On 11/09/2018 19:42, Jonathan Gibbons wrote:
:
As regards the interaction between Source Launcher and the use of a
security manager, I see 3 possibilities:
1.
On 11/09/2018 19:42, Jonathan Gibbons wrote:
:
As regards the interaction between Source Launcher and the use of a
security manager, I see 3 possibilities:
1. Specifically support it, as provided in this webrev
2. No code change, but update JEP 330 to specify the behavior
3. Explicitly reject
On 9/11/18 8:14 AM, Langer, Christoph wrote:
Hi,
first of all, I suggest to use "jarDetails" instead of "jarPath" as category name. Because with this
contribution we add the notion of jar file plus line of manifest to Exceptions occurring when parsing jar manifests. And if there
were further E
On 9/11/18 12:58 AM, Alan Bateman wrote:
On 10/09/2018 21:37, Jonathan Gibbons wrote:
Please review a patch to have the Source Launcher be able to work
when a security manager is enabled.
It's not clear to me that this is an interesting use-case but in any
case I think you've got two scenari
cross-posting to security-dev since this is related to SSL/TLS.
On 9/11/18 11:41 AM, Hohensee, Paul wrote:
The default value for the maximum number of entries in the SSL session cache
(which is a SoftReference cache) is infinite, and the entry timeout is 24
hours. With larger heaps, we’re runn
On 9/10/2018 7:49 PM, Xuelei Fan wrote:
The motivation of the JEP is that some formulas may be more easier to
expose attacks. It's true that the formulas impact the security level
of the implementation. I was just wondering if the JEP proposed
formulas have been well analyze. A standard or
This sounds great.
I have no idea how many people still use X509TrustManager, sorry.
It may be a good idea to add something to the java docs to tell people to
prefer X509ExtendedTrustManager as well.
Bye
Norman
> Am 11.09.2018 um 16:44 schrieb Xuelei Fan :
>
> Hi Norman,
>
>
> It may be do
Hi Valerie,
On Fri, Aug 31, 2018 at 9:16 PM, Valerie Peng
wrote:
> Hi Martin,
>
> In TestTLS12.java, you call the initSecmod() inside initialize() and when
> initSecmod() returns false, you return from initialize() and continue down
> the main(). Is this intentional? Other tests seems to be skip
Hi Norman,
It may be doable by adding a delegation mode to public TrustManagerFactory:
TrustManagerFactory.init(X509TrustManager proxy)
However, the X509ExtendedTrustManager should be recommended for now
since its introducing in JDK 7.
Do you know how many users are still using the X509Tr
Hi,
first of all, I suggest to use "jarDetails" instead of "jarPath" as category
name. Because with this contribution we add the notion of jar file plus line of
manifest to Exceptions occurring when parsing jar manifests. And if there were
further Exception details to be added in the area of ja
> I don't have a strong opinion on making Manifest.jarFilename final
Hi, just making it final leads to compile errors anyway.
Best regards, Matthias
> -Original Message-
> From: Weijun Wang
> Sent: Dienstag, 11. September 2018 13:04
> To: Baesken, Matthias
> Cc: Langer, Christoph ;
Attributes.java:
- Line 377: Too long, add a break.
Otherwise fine.
I don't have a strong opinion on making Manifest.jarFilename final or a
different property name.
Thanks
Max
> On Sep 11, 2018, at 5:07 PM, Baesken, Matthias
> wrote:
>
> Hello, please check the new webrev :
>
> http://cr
Hi all,
Would it be possible to consider exposing
SSLContextImpl#AbstractTrustManagerWrapper somehow so it would be possible to
reuse it when a custom SSLEngine / SSLContextSpi is provided ?
I am asking because it provides really nice extra functionality by wrapping for
X509TrustManager implem
Hello, please check the new webrev :
http://cr.openjdk.java.net/~mbaesken/webrevs/8205525.10/
I kept the jarPath category name .
Best regards, Matthias
> -Original Message-
> From: Langer, Christoph
> Sent: Montag, 10. September 2018 21:30
> To: Weijun Wang ; Baesken, Matthias
>
>
On 10/09/2018 21:37, Jonathan Gibbons wrote:
Please review a patch to have the Source Launcher be able to work when
a security manager is enabled.
It's not clear to me that this is an interesting use-case but in any
case I think you've got two scenarios to test. One is setting
java.security.man
23 matches
Mail list logo