Re: RFR 8215776: Keytool importkeystore may mix up certificate chain entries when DNs conflict

2019-01-16 Thread Weijun Wang
I'll take a look. I thought java.security.cert.X509CertSelector is used by CertPath validators and builders internally and never thought it can be called directly. Thanks, Max > On Jan 17, 2019, at 1:49 AM, Xuelei Fan wrote: > > Hi Max, > > I did not look into the detailed implementation of

[12] RFR: 8216280: Allow later Symantec Policy distrust date for two Apple SubCAs

2019-01-16 Thread Sean Mullan
Please review this change to allow a later Symantec Policy distrust date for two Apple subordinate CAs. webrev: http://cr.openjdk.java.net/~mullan/webrevs/8216280/webrev.00/ bug: https://bugs.openjdk.java.net/browse/JDK-8216280 For some background, the JDK will stop trusting TLS Server

Re: Code Review Request, JDK-8216045 The size of key_exchange may be wrong on FFDHE

2019-01-16 Thread Jamil Nimeh
Hi Xuelei, this looks good to me. --Jamil On 1/15/2019 7:45 AM, Xue-Lei Fan wrote: Hi, Could I have the update reviewed?    http://cr.openjdk.java.net/~xuelei/8216045/webrev.00/ While getting the encoded public key for DH key exchange,  the leading zeros of the key are not trimmed and the

Re: RFR 8215776: Keytool importkeystore may mix up certificate chain entries when DNs conflict

2019-01-16 Thread Xuelei Fan
Hi Max, I did not look into the detailed implementation of findIssuer() yet. Have you considered to use java.security.cert.X509CertSelector? Thanks, Xuelei On 1/9/2019 6:59 AM, Weijun Wang wrote: Please take a review at https://cr.openjdk.java.net/~weijun/8215776/webrev.00/

Re: RFR 6722928: Support SSPI as a native GSS-API provider

2019-01-16 Thread Nico Williams
On Thu, Jan 17, 2019 at 12:15:54AM +0800, Weijun Wang wrote: > So I can just throw away the 'extern "c"' line? No, no need.

Re: RFR 6722928: Support SSPI as a native GSS-API provider

2019-01-16 Thread Weijun Wang
> On Jan 17, 2019, at 12:13 AM, Nico Williams > wrote: > > On Wed, Jan 16, 2019 at 11:12:00AM -0500, Christos Zoulas wrote: >> On Jan 17, 12:04am, weijun.w...@oracle.com (Weijun Wang) wrote: >> -- Subject: Re: RFR 6722928: Support SSPI as a native GSS-API provider >> >> | Hi Nico, >> | >>

Re: RFR 6722928: Support SSPI as a native GSS-API provider

2019-01-16 Thread Nico Williams
On Wed, Jan 16, 2019 at 11:12:00AM -0500, Christos Zoulas wrote: > On Jan 17, 12:04am, weijun.w...@oracle.com (Weijun Wang) wrote: > -- Subject: Re: RFR 6722928: Support SSPI as a native GSS-API provider > > | Hi Nico, > | > | Can you provide more explanation on below? I have't touched C/C++ for

Re: RFR 6722928: Support SSPI as a native GSS-API provider

2019-01-16 Thread Christos Zoulas
On Jan 17, 12:04am, weijun.w...@oracle.com (Weijun Wang) wrote: -- Subject: Re: RFR 6722928: Support SSPI as a native GSS-API provider | Hi Nico, | | Can you provide more explanation on below? I have't touched C/C++ for quite= | some time and I really forgot what extern "C" is for. I included

Re: RFR 6722928: Support SSPI as a native GSS-API provider

2019-01-16 Thread Weijun Wang
Hi Nico, Can you provide more explanation on below? I have't touched C/C++ for quite some time and I really forgot what extern "C" is for. I included it here only because it's also in gssapi.h and I thought I should make the declaration and implementation consistent. The getenv line compiles