Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v5]

2022-01-25 Thread Hai-May Chao
On Wed, 26 Jan 2022 05:45:58 GMT, Hai-May Chao wrote: >> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java >> line 759: >> >>> 757: "denyAfter constraint check failed: " + >>> algorithm + >>> 758: " used with Constra

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v5]

2022-01-25 Thread Hai-May Chao
On Tue, 25 Jan 2022 22:40:36 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Revert to get denyAfter from exception and reload caks > > src/java.base/share/classes/sun/security/util/DisabledAlgorit

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v7]

2022-01-25 Thread Hai-May Chao
> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` > class when performing algorithm constraints checks. This change is to enhance > `keytool` to make use of the new methods > `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` > and `checkKey`

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v6]

2022-01-25 Thread Hai-May Chao
> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` > class when performing algorithm constraints checks. This change is to enhance > `keytool` to make use of the new methods > `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` > and `checkKey`

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v5]

2022-01-25 Thread Sean Mullan
On Tue, 25 Jan 2022 20:51:17 GMT, Hai-May Chao wrote: >> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` >> class when performing algorithm constraints checks. This change is to >> enhance `keytool` to make use of the new methods >> `DisabledAlgorithmConstraints.per

Re: Lots of allocations in CipherCore

2022-01-25 Thread Anthony Scarpino
Hi, I think it's a mistake. Looking at the old code I believe the if() for cipher.save() above that was supposed to include the new byte allocation and offset, but got missed. Feel free to fix it if you like. Let me know if you need something. Tony On 1/25/22 12:06 PM, Sebastian Stenzel wro

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v4]

2022-01-25 Thread Hai-May Chao
On Tue, 25 Jan 2022 14:38:32 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Update to get denyAfter and init caks > > src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1138: >

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v4]

2022-01-25 Thread Hai-May Chao
On Mon, 24 Jan 2022 21:21:58 GMT, Hai-May Chao wrote: >> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` >> class when performing algorithm constraints checks. This change is to >> enhance `keytool` to make use of the new methods >> `DisabledAlgorithmConstraints.per

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v5]

2022-01-25 Thread Hai-May Chao
> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` > class when performing algorithm constraints checks. This change is to enhance > `keytool` to make use of the new methods > `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` > and `checkKey`

Lots of allocations in CipherCore

2022-01-25 Thread Sebastian Stenzel
Hi all, while playing around with JFR today, I stumbled upon a piece of code that causes thousands of byte[] allocations. In fact it is responsible for 90% of the memory allocations in my application and causes GC to run without pause during decryption of large files. The line in question ca

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v2]

2022-01-25 Thread Sean Mullan
On Mon, 24 Jan 2022 21:17:42 GMT, Hai-May Chao wrote: >> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 4908: >> >>> 4906: if (eMessage.contains("denyAfter constraint check >>> failed") && >>> 4907: e.getReason() == >>> BasicReason

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v4]

2022-01-25 Thread Sean Mullan
On Mon, 24 Jan 2022 21:21:58 GMT, Hai-May Chao wrote: >> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` >> class when performing algorithm constraints checks. This change is to >> enhance `keytool` to make use of the new methods >> `DisabledAlgorithmConstraints.per

Re: RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled

2022-01-25 Thread Weijun Wang
On Tue, 25 Jan 2022 00:13:32 GMT, Xue-Lei Andrew Fan wrote: > A hostname in an URL ending with a dot is valid (See RFC 1034). However, it > is not a valid SNI hostname. The ending dot should be ignored while checking > the hostname with SNI or the name in a X.509 certificate. > > The update

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v8]

2022-01-25 Thread Michael Osipov
On Tue, 25 Jan 2022 12:47:26 GMT, Michael McMahon wrote: >> src/java.base/share/classes/sun/net/www/http/HttpClient.java line 150: >> >>> 148: * "domain:a,c.d,*.e.f" (sent to host a, or c.d or to the domain >>> e.f and any of its subdomains). This is >>> 149: * a comma separated list

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v8]

2022-01-25 Thread Michael McMahon
On Tue, 25 Jan 2022 11:34:57 GMT, Michael Osipov wrote: >> Michael McMahon has updated the pull request incrementally with one >> additional commit since the last revision: >> >> final review update (pre CSR) > > src/java.base/share/classes/sun/net/www/http/HttpClient.java line 150: > >> 148

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v8]

2022-01-25 Thread Michael Osipov
On Tue, 25 Jan 2022 10:30:20 GMT, Michael McMahon wrote: >> Hi, >> >> This change adds Channel Binding Token (CBT) support to HTTPS >> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, >> Kerberos) authentication scheme. When enabled, the implementation >> preemptively inclu

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v8]

2022-01-25 Thread Daniel Fuchs
On Tue, 25 Jan 2022 10:30:20 GMT, Michael McMahon wrote: >> Hi, >> >> This change adds Channel Binding Token (CBT) support to HTTPS >> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, >> Kerberos) authentication scheme. When enabled, the implementation >> preemptively inclu

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v8]

2022-01-25 Thread Michael McMahon
> Hi, > > This change adds Channel Binding Token (CBT) support to HTTPS > (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos) > authentication scheme. When enabled, the implementation preemptively includes > a CBT with authentication requests over Kerberos. The feature