On Sat, 7 May 2022 11:46:37 GMT, Daniel Fuchs wrote:
>> Hi, please find here a patch that solves a rare intermittent test failure
>> observed in the test `java/net/httpclient/ExecutorShutdown.java`
>>
>> A race condition coupled with some too eager synchronization was causing a
>> deadlock bet
On Sat, 7 May 2022 11:46:37 GMT, Daniel Fuchs wrote:
>> Hi, please find here a patch that solves a rare intermittent test failure
>> observed in the test `java/net/httpclient/ExecutorShutdown.java`
>>
>> A race condition coupled with some too eager synchronization was causing a
>> deadlock bet
On Thu, 13 Jan 2022 12:10:11 GMT, Michael McMahon wrote:
> Hi,
>
> This change adds Channel Binding Token (CBT) support to HTTPS
> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos)
> authentication scheme. When enabled, the implementation preemptivel
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has
On Thu, 27 Jan 2022 16:47:52 GMT, Daniel Fuchs wrote:
>> It's `java.net.SocketException: Unexpected end of file from server`. Does
>> not include any CBT words so don't know if it's worth parsing.
>
> Thanks. Then it would be better to catch only `SocketException` here rather
> than `Exception`
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has update
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has updated
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael Mc
On Tue, 25 Jan 2022 11:34:57 GMT, Michael Osipov wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> final review update (pre CSR)
>
> src/java.base/share/classes/sun/net/www
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Mich
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has u
On Mon, 24 Jan 2022 15:23:44 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contain
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has update
On Fri, 21 Jan 2022 19:48:02 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> added root cause to NamingException
>
> src/java.base/share/classes/java/net/doc-file
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McM
On Fri, 21 Jan 2022 13:39:06 GMT, Michael Osipov wrote:
>> Actually, it turns out I should be throwing `NamingException` here. That is
>> what was being thrown by `TlsChannelBinding.parseType` before and an
>> existing test was expecting that. NamingException only takes a String
>> message. So
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has u
On Fri, 21 Jan 2022 13:38:08 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/http/HttpClient.java line 189:
>>
>>> 187: } else {
>>> 188: logError("Unexpected value for \"jdk.https.negotiate.cbt\"
>>
On Thu, 20 Jan 2022 11:16:16 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> removed sasl module dependency and added SaslException cause
>
> src/java.base/s
On Thu, 20 Jan 2022 11:14:40 GMT, Michael Osipov wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> removed sasl module dependency and added SaslException cause
>
> src/java.naming/s
On Thu, 20 Jan 2022 11:04:18 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> removed sasl module dependency and added SaslException cause
>
> src/java.base/share/
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon
On Wed, 19 Jan 2022 22:25:43 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> changes after first review round
>
> src/java.naming/share/classes/com/sun/jndi/ld
;, "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael
On Fri, 14 Jan 2022 15:06:12 GMT, Daniel Fuchs wrote:
> Have you been able to test this on a specific setup? Would be good to hear
> from @msheppar too.
I have tested it with the server setup by Prajwal. Security SQE are looking
into configuring a server with a similar setup which can be teste
On Wed, 19 Jan 2022 15:36:16 GMT, Michael McMahon wrote:
>>> It's actually a purely system property rather than a Net property at the
>>> moment (same as the other spnego ones). Maybe, I should convert them all to
>>> net properties, so they can be documented
On Sat, 15 Jan 2022 14:02:15 GMT, Michael Osipov wrote:
>> I suggest moving the `TlsChannelBinding` class into
>> `java.base/sun.security.util` since it's not only used by LDAP anymore. It's
>> even not restricted to GSS-API. According to
>> https://www.rfc-editor.org/rfc/rfc5056, "Although in
On Mon, 17 Jan 2022 13:49:35 GMT, Daniel Fuchs wrote:
>> I vote for "jdk.https.tls.cbt"
>
>> It's actually a purely system property rather than a Net property at the
>> moment (same as the other spnego ones). Maybe, I should convert them all to
>> net properties, so they can be documented/set i
On Mon, 17 Jan 2022 13:44:06 GMT, Daniel Fuchs wrote:
>> Shall we log a message if the value is not one of the 3 forms?
>
> Usually malformed values are just ignored - and the property takes its
> default value. But yes - s.n.w.h.HttpClient has a logger so it wouldn't be
> much effort to log it
On Fri, 14 Jan 2022 14:52:13 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively includes
On Thu, 13 Jan 2022 18:18:24 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively includes
Hi,
This change adds Channel Binding Token (CBT) support to HTTPS
(java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos)
authentication scheme. When enabled, the implementation preemptively includes a
CBT with authentication requests over Kerberos. The feature is enabled
On Mon, 6 Dec 2021 21:27:48 GMT, Michael McMahon wrote:
> This updates the testkeys keystore file used by SimpleSSLContext in the test
> tree, in order to add subject alt names for the literal IP addresses
> "127.0.0.1" and "::1". This should allow the s
On Tue, 7 Dec 2021 15:03:31 GMT, Daniel Fuchs wrote:
>> test/jdk/com/sun/net/httpserver/SANTest.java line 77:
>>
>>> 75: int port1 = s1.getAddress().getPort();
>>> 76: int port2 = s2.getAddress().getPort();
>>> 77: test ("127.0.0.1", root+"/test1", port2, "sma
This updates the testkeys keystore file used by SimpleSSLContext in the test
tree, in order to add subject alt names for the literal IP addresses
"127.0.0.1" and "::1". This should allow the self signed certificate in the
keystore to be accepted even when the local OS doesn't have a localhost to
On Fri, 29 Oct 2021 16:17:46 GMT, Aleksei Efimov wrote:
>> This change implements a new service provider interface for host name and
>> address resolution, so that java.net.InetAddress API can make use of
>> resolvers other than the platform's built-in resolver.
>>
>> The following API classes
On Tue, 26 Oct 2021 16:24:48 GMT, Aleksei Efimov wrote:
>> This change implements a new service provider interface for host name and
>> address resolution, so that java.net.InetAddress API can make use of
>> resolvers other than the platform's built-in resolver.
>>
>> The following API classes
On Wed, 23 Jun 2021 12:10:54 GMT, Mahendra Chhipa
wrote:
>> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
>
> Mahendra Chhipa has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Implemented reviw comments.
Marked as revie
On Thu, 17 Jun 2021 16:23:08 GMT, Mahendra Chhipa
wrote:
>> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
>
> Mahendra Chhipa has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Implemented review comments
test/jdk/sun/ne
On Thu, 4 Mar 2021 15:56:58 GMT, Fernando Guallini
wrote:
>> Certain JVM tools may access and initialise InetAddress class and its static
>> fields during start up resulting in a NameService implementation being
>> already set to the default **PlatformNameService**, causing intermittent
>> fa
On Mon, 12 Oct 2020 13:50:30 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> This is a fix that upgrades the old HTTP and HTTPS legacy stack to use
>> virtual-thread friendly locking instead of
>> synchronized monitors.
>> Most of the changes are mechanical - but there are still a numbers of subtle
>> n
On Fri, 9 Oct 2020 09:17:48 GMT, Daniel Fuchs wrote:
>> src/java.base/share/classes/sun/net/www/MeteredStream.java line 123:
>>
>>> 121: lock();
>>> 122: try {
>>> 123: if (closed) return -1;
>>
>> This double check of `closed` is kind of irritating. Is it really nee
Hi Xuelei,
I have some concerns about these bugs also, though not exactly the same
as yours:
The "jdk.tls.client.protocols" system property is not part of the HTTP
client API. So, it's not
clear to me why the HTTP client is expected to enforce it. It is equally
possible for any code using
SS
Looks fine to me Daniel.
- Michael.
On 02/09/2019, 14:00, Daniel Fuchs wrote:
Hi,
(cc-ing security dev for the changes in
test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
which is updated to allow for binding on a specific
IP Address)
Please find below a patch for:
8230435: Replace
Thanks for reporting this. I will look into it.
- Michael
On 20/07/2018, 08:38, Severin Gehwolf wrote:
Adding net-dev
On Fri, 2018-07-20 at 08:52 +0200, Thomas Lußnig wrote:
Hi,
i found an bug in JDK 10 with the new HttpClient. It does not handle
responses wihtout contentlength correctly.
Nor
Looks good Chris.
- Michael.
On 26/06/2018, 11:45, Chris Hegarty wrote:
Seems that the integration of TLS 1.3 erroneously added a number of
HTTP Client tests to the ProblemList. Previous to the TLS 1.3 push,
work was done to ensure that the HTTP Client tests ran successfully
with the changes
I've just noticed the SSLParameters.setUseCipherSuitesOrder() method.
I guess this can be used to enforce a higher priority for the h2
compatible ciphers
on the server side.
On the new API, I'm not sure about the SSLBase, SSLFunction construct
either.
I don't think it is very clear, and if its
On 04/06/15 15:18, Simone Bordet wrote:
Hi,
On Thu, Jun 4, 2015 at 3:08 PM, Michael McMahon
wrote:
On 04/06/15 13:19, Simone Bordet wrote:
Hi,
On Wed, Jun 3, 2015 at 8:23 AM, Xuelei Fan wrote:
Per section 4, RFC 7301:
"... The
"application_layer_protocol_negotiation&qu
On 04/06/15 13:19, Simone Bordet wrote:
Hi,
On Wed, Jun 3, 2015 at 8:23 AM, Xuelei Fan wrote:
Per section 4, RFC 7301:
"... The
"application_layer_protocol_negotiation" ServerHello extension is
intended to be definitive for the connection (until the connection is
renegotiated) a
On 25/05/15 12:34, Simone Bordet wrote:
Hi,
On Mon, May 25, 2015 at 12:08 PM, Michael McMahon
wrote:
Hi Brad,
A couple of initial comments/questions.
1) Certificate selection is one feature envisaged by ALPN. ie a client or a
server
ought to be able to choose a different certificate
Hi Brad,
A couple of initial comments/questions.
1) Certificate selection is one feature envisaged by ALPN. ie a client
or a server
ought to be able to choose a different certificate depending on the
application name
that gets negotiated. Is that possible with this API?
2) The notion
On 17/09/14 16:25, Simone Bordet wrote:
Hi,
On Wed, Sep 17, 2014 at 4:11 PM, Michael McMahon
wrote:
Okay, I see the point you are making. It's more a question of whether
the constraints themselves are appropriate.
And convince the HTTP/2 editors :(
I've another question. In the w
c/issues/612
On Wed, Sep 17, 2014 at 3:17 PM, Simone Bordet wrote:
Hi,
On Wed, Sep 17, 2014 at 12:57 PM, Michael McMahon
wrote:
Hi Simone,
I'm interested to understand why you think this Http 2 requirement
is difficult or impossible to implement in the JDK currently.
I thought, cipher
Hi Simone,
I'm interested to understand why you think this Http 2 requirement
is difficult or impossible to implement in the JDK currently.
I thought, cipher suite selection would be independent of the ALPN
mechanism.
So, a Http 2 client implementation would ensure that allowed ciphers
are in
On 26/08/14 09:05, Wang Weijun wrote:
On Aug 26, 2014, at 15:57, Michael McMahon wrote:
Thanks for doing this Max. The syntax looks fine.
Just one question. Do you think it is better to specify each socket option
literally in the tool
as you have done (ie. the only supported
Thanks for doing this Max. The syntax looks fine.
Just one question. Do you think it is better to specify each socket
option literally in the tool
as you have done (ie. the only supported NetworkPermission
is SO_FLOW_SLA with this change) or allow users to type in the option
name as free-form t
Max,
These changes look fine. Just a couple of minor comments:
L130 in Client.java appears to be superfluous now.
The comment at L186 in Server.java might probably should
be removed or else expanded upon.
Thanks
Michael
On 23/06/14 09:09, Wang Weijun wrote:
Ping again.
On Jun 12, 2014, at
My understanding is that the original PMTU discovery spec RFC 1191
is not very effective due to its reliance on ICMP messages that are often
filtered out by routers. There was an update in RFC 4821 which removes
the dependency on ICMP and that seems to be effective
I'm just wondering then how DTL
Hi,
This is a fix adding some checks for pending exceptions in the JGSS
native code.
All of these cases could only practically happen in case of
OutOfMemoryError.
There are a couple of places where the JNI spec isn't completely clear
whether
the exception will be thrown. In those cases, we che
Seems fine to me Xuelei.
- Michael
On 19/08/13 06:56, Xuelei Fan wrote:
If no objections, I will push the change by COB Monday.
Thanks,
Xuelei
On 8/13/2013 4:29 PM, Xuelei Fan wrote:
Can I get an additional code review from networking team?
Thanks,
Xuelei
On 8/12/2013 2:07 PM, Weijun Wang
I don't see how this fixes the original problem as the SNIHostName spec
still doesn't like hostnames with a trailing '.'
I'd prefer to check first where that requirement is coming from, if it is
actually necessary, and if not consider removing it from SNIHostName.
If it is necessary, then the che
, I think.
As above, if the trailing "." is treated as root label, I think the
return value can be either "." or "". The current implementation throws
a StringIndexOutOfBoundsException.
However, what empty domain name ("") really means? I would pref
On 07/08/13 15:13, Xuelei Fan wrote:
On 8/7/2013 10:05 PM, Michael McMahon wrote:
Resolvers seem to accept queries using trailing dots.
eg nslookup www.oracle.com.
or InetAddress.getByName("www.oracle.com.");
The part of RFC3490 quoted below seems to me to be saying
that the e
I don't really understand the reason for the restriction in SNIHostName
But, I guess that is where it should be enforced if it is required.
Michael.
On 06/08/13 17:43, Dmitry Samersoff wrote:
Xuelei,
. (dot) is perfectly valid domain name and it means root domain so com.
is valid domain name a
Weijun Wang wrote:
The internal structure of NTLMAuthentication is changed and that's why
I changed the serialVersionUid as well. If unchanged, I guess the old
serialized form can still be accepted by the new class, but all new
field will become null/0. After the change, any such deserializatio
Why is the serialVersionUid changed in NTLMAuthentication?
Otherwise, the encapsulation of NTLM in the new API looks quite
concise and neat to me? Looks fine.
- Michael
Vincent Ryan wrote:
The SASL component looks good Max.
Michael/Chris: have you any comments on the NTLM changes?
On 25/0
Changeset: 052f056f7ba1
Author:michaelm
Date: 2009-10-20 15:35 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/052f056f7ba1
6890349: Fix #6870935 in jdk7/pit/b74 caused HttpClinet's check for "proxy
capture" attack by-passed.
Summary: pass exception up stack
Reviewed-by: cheg
Changeset: 57fe28f3878a
Author:michaelm
Date: 2009-10-15 12:03 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/57fe28f3878a
6886436: Lightwight HTTP Container (com.sun.* package) is unstable
Reviewed-by: chegar
! src/share/classes/sun/net/httpserver/ExchangeImpl.java
! src/sh
Changeset: f0fdc4dd97d5
Author:michaelm
Date: 2009-10-02 13:57 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f0fdc4dd97d5
6870935: DIGEST proxy authentication fails to connect to URLs with no trailing
slash
Reviewed-by: chegar
! src/share/classes/sun/net/www/protocol/http/
Changeset: dd724911c90a
Author:michaelm
Date: 2009-09-29 10:00 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dd724911c90a
6886108: Test case B4933582 binding to fixed port number
Reviewed-by: chegar
! test/java/net/Authenticator/B4933582.java
! test/sun/net/www/httptest/Htt
Changeset: 89b14d3740dc
Author:michaelm
Date: 2009-06-29 15:05 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/89b14d3740dc
6827999: 6827999: URLClassLoader.addURL(URL) adds URLs to closed class loader
Reviewed-by: chegar
! src/share/classes/sun/misc/URLClassPath.java
+ test/
Changeset: 806c5e4d1265
Author:michaelm
Date: 2009-06-29 13:10 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/806c5e4d1265
6513803: httpserver regression test Test13 failing and causing
NullPointerException
Summary: check for NPEs
Reviewed-by: chegar
! test/com/sun/net/http
Max,
One question. Would this mechanism work for any possible GSS security
mechanism?
In other words, is all the information you need encapsulated inside a single
GSSCredential object?
Also, java.net.Authenticator was designed very much for the original
HTTP authentication
schemes (Basic and
Changeset: d6881542bfef
Author:michaelm
Date: 2009-01-30 22:05 +
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d6881542bfef
4167874: URL-downloaded jar files can consume all available file descriptors
Summary: added close method to URLClassLoader
Reviewed-by: alanb
! src/shar
Changeset: abf3e1aa8031
Author:michaelm
Date: 2008-09-22 15:53 +0100
URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/abf3e1aa8031
6739920: java 6u4~ use larger C heap if there are many threads
Reviewed-by: chegar
! src/share/classes/java/net/AbstractPlainSocketImpl.java
! src/sola
Changeset: c7fae5013939
Author:michaelm
Date: 2008-09-19 13:32 +0100
URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/c7fae5013939
6750364: Error in test for 6744329
Reviewed-by: chegar
! test/com/sun/net/httpserver/bugs/B6744329.java
Changeset: e57447118235
Author:michaelm
Da
Changeset: b0378bb50d83
Author:michaelm
Date: 2008-09-11 17:46 +0100
URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/b0378bb50d83
6744329: Exception in light weight http server code
Reviewed-by: chegar
! src/share/classes/sun/net/httpserver/ChunkedOutputStream.java
+ test/com/sun/
Changeset: afcf04c535da
Author:michaelm
Date: 2008-08-21 10:04 -0700
URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/afcf04c535da
6258215: Num of backlog in ServerSocket(int, int) should be mentioned more
explicitly
Summary: updated javadoc
Reviewed-by: chegar
! src/share/classes
Changeset: 8f63365a2586
Author:michaelm
Date: 2008-07-23 12:05 +0100
URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/8f63365a2586
6728076: Test case for 6536211 is failing on all platforms
Summary: exception needed to be caught and logged
Reviewed-by: chegar
! src/share/classes/su
Changeset: c9be2cc052b5
Author:michaelm
Date: 2008-07-14 11:39 +0100
URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/c9be2cc052b5
6536211: flaw in ServerImpl
Summary: removed doPrivileged block
Reviewed-by: jccollet
! src/share/classes/sun/net/httpserver/ServerImpl.java
Changeset: d3c74bae3688
Author:michaelm
Date: 2008-07-10 17:40 +0100
URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/d3c74bae3688
6536211: flaw in ServerImpl
Summary: removed doPrivileged block
Reviewed-by: jccollet
! src/share/classes/sun/net/httpserver/ServerImpl.java
+ test/clo
82 matches
Mail list logo