Re: [8u] RFR: 8233223: Add Amazon Root CA certificates

2019-12-20 Thread Martin Balao
I'm not a reviewer but I've had a look at Severin's 8233223 backport and it looked good to me too (4 / 4 certificates verified).

SunPKCS11's Secmod and external modules in FIPS mode

2019-12-20 Thread Martin Balao
Hello, SunPKCS11's Secmod in OpenJDK does not allow modules other than the NSS Software Token to be configured in FIPS mode [1]. To give some context, NSS represents modules internally with a structure called "struct SECMODModuleStr" and the "fips" variable you see in [1] is the "isFIPS" member of

Re: RFR[14] JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3

2019-12-20 Thread Xuelei Fan
Looks fine to me. Thanks! Xuelei On 12/20/2019 7:26 AM, sha.ji...@oracle.com wrote: Hi, Because the tests below use MD5withRSA certificates, TLSv1.3 cannot be used. test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java test/jdk/sun/security/ssl/X509TrustManagerImpl/SelfIssu

RFR[14] JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3

2019-12-20 Thread sha . jiang
Hi, Because the tests below use MD5withRSA certificates, TLSv1.3 cannot be used. test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java test/jdk/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java This fix just re-generates the certificates to use SHA256withRSA. Issue: h

Re: RFR 8236405: Enhancement to Kerberos debug output

2019-12-20 Thread Sean Mullan
Looks fine to me. Since this is a bug, I would remove "Enhancement" from the title. Maybe "Formatting issues in Kerberos debug output". --Sean On 12/20/19 3:39 AM, Weijun Wang wrote: Please review the fix at https://cr.openjdk.java.net/~weijun/8236405/webrev.00 Most are trivial on whites

Re: [8u] RFR: 8232019: Add LuxTrust certificate updates to the existing root program

2019-12-20 Thread Severin Gehwolf
On Fri, 2019-12-20 at 07:42 +, Andrew John Hughes wrote: > > On 19/12/2019 20:13, Severin Gehwolf wrote: > > snip... > > > > > > > Going on this & the similar Amazon fix, I'd say we should backport > > > JDK-8193255 & JDK-8225392 first. The previous updates which alter a > > > binary file h

Re: RFR 8236405: Enhancement to Kerberos debug output

2019-12-20 Thread Weijun Wang
p.s. If you wonder why it seems there is no change for HostAddress.java, it's just an indentation difference: diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java --- a/

RFR 8236405: Enhancement to Kerberos debug output

2019-12-20 Thread Weijun Wang
Please review the fix at https://cr.openjdk.java.net/~weijun/8236405/webrev.00 Most are trivial on whitespaces and commas etc. I've changed the "LSA" word to "native ccache" in Credentials.java because the output is for both Windows and macOS. Thanks, Max

Re: Missing space in /jdk13/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java DEBUG output

2019-12-20 Thread Weijun Wang
That's a good suggestion. I've filed https://bugs.openjdk.java.net/browse/JDK-8236405. Thanks, Max > On Dec 10, 2019, at 1:47 AM, Brian Dyson wrote: > > In KeyTab.java, if DEBUG is true, then System.out is written to. > > In the readServiceKeys method (at about line 303), there is the followi

Re: Incorrect documentation

2019-12-20 Thread Weijun Wang
I've already updated the words into The format of the Signature bytes for these algorithms is the concatenation of the integers r and s in raw bytes. It does not have the same detail as your description but I think it's enough to be differentiated from the one with an ASN.1 encoding. Thank