RFR[14] JDK-8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID

Hi, Tests sun/security/pkcs11/Secmod/AddTrustedCert.java and sun/security/pkcs11/tls/TestKeyMaterial.java failed due to some changes in NSS. This fix just workarounds this problem. For more details, please see the comments in this JBS issue. And it also provides a pre-built NSS libs for linux-x

Re: [14] RFR JDK-8176837 "SunPKCS11 provider needs to check more details on PKCS11 Mechanism"

Looks good to me. Thanks, Xuelei On 9/19/2019 5:57 PM, Valerie Peng wrote: Hi Xuelei, I have added the debugging output for the "unknown" case as you suggested. Webrev updated in case you feel like taking another look. http://cr.openjdk.java.net/~valeriep/8176837/webrev.01/ Thanks for the re

Re: [14] RFR JDK-8176837 "SunPKCS11 provider needs to check more details on PKCS11 Mechanism"

Hi Xuelei, I have added the debugging output for the "unknown" case as you suggested. Webrev updated in case you feel like taking another look. http://cr.openjdk.java.net/~valeriep/8176837/webrev.01/ Thanks for the review~ Valerie - Original Message - From: xuelei@oracle.com To: val

Re: [14] RFR JDK-8229243 "SunPKCS11-Solaris provider tests failing on Solaris 11.4"

I am not on the PKCS#11 committee and not sure about the plan. As for which one is right, I am more inclined to the "spec is right" side which is also what NSS picked. Comparing between spec and header, shouldn't the former get more eyeballs in terms of review? The header file also has a depre

Re: JDK 14 RFR of JDK-8231262: Suppress warnings on non-serializable instance fields in security libs serializable classes

Hello, I'd make an exception for interfaces, often these are not serializable, but their implementations may be, in this case a warning would be spurious. Regards, Peter. On 20/09/2019 3:32 AM, Joe Darcy wrote: Hello, Ahead of augmenting javac's serial lint checks under JDK-8160675, it wo

JDK 14 RFR of JDK-8231262: Suppress warnings on non-serializable instance fields in security libs serializable classes

Hello, Ahead of augmenting javac's serial lint checks under JDK-8160675, it would be helpful to mark fields in security libs classes where the class is serializable, but a non-transient instance field does *not* have a serialiable type. Such classes may have difficulties being serialized at r

Re: [14] RFR JDK-8229243 "SunPKCS11-Solaris provider tests failing on Solaris 11.4"

Will the inconsistency structure be continue? I was just wondering if OpenHSM2/Solaris/NSS will fix the bug and use one structure in the future, then we may not need to workaround the issue in the calling side. I had a quick look the PKCS#11 3.0 draft, there is no update of the structure yet.

RFR: 8231222: fix pkcs11 P11_DEBUG guarded native traces

Hello, please reviews this fix of the pkcs11 native tracing( P11_DEBUG guarded native traces ). I had enabled it to look into a issue with pkcs11 not working on a recently patched Linux system . But noticed that the traces did not work any more (probably mostly because of changed