RFR: 8253866: Security Libs Terminology Refresh

2021-01-13 Thread Jamil Nimeh
This is the security libs portion of the effort to replace archaic/non-inclusive words with more neutral terms (see JDK-8253315 for details). Here are the changes covering core libraries code and tests. Terms were changed as follows: - blacklisted.certs -> blocked.certs (along with supporting

Re: RFR: 8258915: Temporary buffer cleanup

2021-01-13 Thread Weijun Wang
On Wed, 13 Jan 2021 22:19:00 GMT, Rajan Halade wrote:

> please add noreg label to the JBS bug.

Added. Thanks.

- PR: https://git.openjdk.java.net/jdk/pull/2070

Re: RFR: 8256895: Add support for RFC 8954: Online Certificate Status Protocol… [v2]

2021-01-13 Thread Jamil Nimeh
On Tue, 12 Jan 2021 19:18:18 GMT, Hai-May Chao wrote:

>> This enhancement adds support for the nonce extension in OCSP request extensions by system property jdk.security.certpath.ocspNonce.
>>
>> Please review the CSR at:
>> https://bugs.openjdk.java.net/browse/JDK-8257766
>
> Hai-May Chao h

Re: RFR: 8259662: SocketException should be passed through [v2]

2021-01-13 Thread Clive Verghese
> Redo for 8237578: JDK-8214339 (SSLSocketImpl wraps SocketException) appears to not be fully fixed
>
> This also fixes JDK-8259516: Alerts sent by peer may not be received correctly during TLS handshake

Clive Verghese has updated the pull request incrementally with one additional commit s

Re: RFR: 8259662: SocketException should be passed through [v2]

2021-01-13 Thread Clive Verghese
On Wed, 13 Jan 2021 18:41:26 GMT, Rajan Halade wrote:

>> Clive Verghese has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Fix bugids and use server port passed as a parameter
>
> test/jdk/sun/security/ssl/SSLContextImpl/ShouldThrowSSLExcep

Integrated: 8259401: Add checking to jarsigner to warn weak algorithms used in signer’s cert chain

2021-01-13 Thread Hai-May Chao
On Tue, 12 Jan 2021 03:34:00 GMT, Hai-May Chao wrote:

> The jarsigner tool currently provides warning associated with the signer’s cert when it uses weak algorithms, but not for the CA certs. This change is to process the signer’s cert chain to warn if CA certs use weak algorithms.

This pu

Re: RFR: 8258915: Temporary buffer cleanup

2021-01-13 Thread Rajan Halade
On Wed, 13 Jan 2021 21:32:07 GMT, Weijun Wang wrote:

> Clean up temporary byte array, char array, and keyspec around keys and passwords.
>
> No new regression test.

please add noreg label to the JBS bug.

- PR: https://git.openjdk.java.net/jdk/pull/2070

Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in si… [v2]

2021-01-13 Thread Hai-May Chao
On Wed, 13 Jan 2021 20:25:53 GMT, Sean Mullan wrote:

>> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1484:
>>
>>> 1482: // If the cert is trusted, only check its key size, but not its
>>> 1483: // signature algorithm. This is

Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in signer’s cert chain [v2]

2021-01-13 Thread Hai-May Chao
On Wed, 13 Jan 2021 15:17:22 GMT, Weijun Wang wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> No warning for trusted cert's SHA1, and added debug output to test
>
> src/jdk.jartool/share/classes/sun/security/tools/

Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in signer’s cert chain [v2]

2021-01-13 Thread Hai-May Chao
On Wed, 13 Jan 2021 20:26:17 GMT, Sean Mullan wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> No warning for trusted cert's SHA1, and added debug output to test
>
> Marked as reviewed by mullan (Reviewer).

Thanks

Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in si… [v3]

2021-01-13 Thread Hai-May Chao
> The jarsigner tool currently provides warning associated with the signer’s cert when it uses weak algorithms, but not for the CA certs. This change is to process the signer’s cert chain to warn if CA certs use weak algorithms.

Hai-May Chao has updated the pull request incrementally with on

RFR: 8258915: Temporary buffer cleanup

2021-01-13 Thread Weijun Wang
Clean up temporary byte array, char array, and keyspec around keys and passwords.

No new regression test.

- Commit messages:
  - 8258915: More temporary buffer cleanup

Changes: https://git.openjdk.java.net/jdk/pull/2070/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=20

Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in si… [v2]

2021-01-13 Thread Sean Mullan
On Wed, 13 Jan 2021 15:13:52 GMT, Weijun Wang wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> No warning for trusted cert's SHA1, and added debug output to test
>
> src/jdk.jartool/share/classes/sun/security/tools/

Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in si… [v2]

2021-01-13 Thread Sean Mullan
On Wed, 13 Jan 2021 01:21:14 GMT, Hai-May Chao wrote:

>> The jarsigner tool currently provides warning associated with the signer’s cert when it uses weak algorithms, but not for the CA certs. This change is to process the signer’s cert chain to warn if CA certs use weak algorithms.
>
> H

[jdk16] Withdrawn: 8258915: More temporary buffer cleanup

2021-01-13 Thread Weijun Wang
On Fri, 8 Jan 2021 19:08:34 GMT, Weijun Wang wrote:

> More temporary byte array, char array, keyspec cleanup around keys and passwords.
>
> No new regression test.

This pull request has been closed without being integrated.

- PR: https://git.openjdk.java.net/jdk16/pull/98

Re: RFR: 8259662: SocketException should be passed through

2021-01-13 Thread Rajan Halade
On Wed, 13 Jan 2021 06:19:18 GMT, Clive Verghese wrote:

> Redo for 8237578: JDK-8214339 (SSLSocketImpl wraps SocketException) appears to not be fully fixed
>
> This also fixes JDK-8259516: Alerts sent by peer may not be received correctly during TLS handshake

Changes requested by rhalade

Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in si… [v2]

2021-01-13 Thread Rajan Halade
On Wed, 13 Jan 2021 01:21:14 GMT, Hai-May Chao wrote:

>> The jarsigner tool currently provides warning associated with the signer’s cert when it uses weak algorithms, but not for the CA certs. This change is to process the signer’s cert chain to warn if CA certs use weak algorithms.
>
> H

Re: RFR: 8023980: JCE doesn't provide any class to handle RSA private key in PKCS#1 [v3]

2021-01-13 Thread Weijun Wang
On Wed, 13 Jan 2021 00:54:16 GMT, Valerie Peng wrote:

>> Can someone help review this?
>>
>> This change enhances RSA KeyFactory impl of SunRsaSign and SunPKCS11 providers to accept RSA keys in PKCS#1 format and encoding and translate them to provider-specific RSA keys. Updated the relev

Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in si… [v2]

2021-01-13 Thread Weijun Wang
On Wed, 13 Jan 2021 01:21:14 GMT, Hai-May Chao wrote:

>> The jarsigner tool currently provides warning associated with the signer’s cert when it uses weak algorithms, but not for the CA certs. This change is to process the signer’s cert chain to warn if CA certs use weak algorithms.
>
> H

Re: RFR: 8259662: SocketException should be passed through

2021-01-13 Thread Daniel Fuchs
On Wed, 13 Jan 2021 06:19:18 GMT, Clive Verghese wrote:

> Redo for 8237578: JDK-8214339 (SSLSocketImpl wraps SocketException) appears to not be fully fixed
>
> This also fixes JDK-8259516: Alerts sent by peer may not be received correctly during TLS handshake

The changes to the HttpClient

RFR: 8259662: SocketException should be passed through

2021-01-13 Thread Clive Verghese
Redo for 8237578: JDK-8214339 (SSLSocketImpl wraps SocketException) appears to not be fully fixed

This also fixes JDK-8259516: Alerts sent by peer may not be received correctly during TLS handshake

- Commit messages:
  - 8259662: SocketException should be passed through

Changes: ht