Re: RFR: 8282600: SSLSocketImpl should not use user_canceled workaround when not necessary

2022-03-03 Thread Severin Gehwolf
On Wed, 2 Mar 2022 19:04:26 GMT, zzambers wrote: > When testing compatibility of jdk TLS implementation with gnutls, I have > found a problem. The problem is, that gnutls does not like use of > user_canceled alert when closing TLS-1.3 connection from duplexCloseOutput() > (used by socket.close

Re: TLS v1.3 extensions in TLS v1.2 handshake

2021-05-25 Thread Severin Gehwolf
CC'ing jdk8u-dev list. Fridrich, is this an 8u-only problem you are observing? Would you have some details about the problem so that I can file a bug for you? Thanks, Severin On Tue, 2021-05-25 at 07:12 +0200, Fridrich Strba wrote: > Hello, good people, > > The java 11 implementation of TLS v1.

Re: Ping? [8u] RFR: 8206925: Support the certificate_authorities extension

2021-05-10 Thread Severin Gehwolf
Hi! Would anyone be willing to review this? Many thanks in advance! Cheers, Severin On Thu, 2021-04-29 at 17:24 +0200, Severin Gehwolf wrote: > Anyone? > > On Tue, 2021-04-20 at 12:23 +0200, Severin Gehwolf wrote: > > Hi, > > > > Please review this

Re: Ping? [8u] RFR: 8206925: Support the certificate_authorities extension

2021-04-29 Thread Severin Gehwolf
Anyone? On Tue, 2021-04-20 at 12:23 +0200, Severin Gehwolf wrote: > Hi, > > Please review this OpenJDK 8u backport of the certificate_authorities > extension. The OpenJDK 11u patch didn't apply cleanly after path > unshuffling, but was fairly trivial to resolve. Conflic

[8u] RFR: 8206925: Support the certificate_authorities extension

2021-04-20 Thread Severin Gehwolf
Hi, Please review this OpenJDK 8u backport of the certificate_authorities extension. The OpenJDK 11u patch didn't apply cleanly after path unshuffling, but was fairly trivial to resolve. Conflicts caused by: 1. X509Authentication.java copyright line conflict only. Resolved manually. 2. SSLCo

Re: [11u] RFR: 8243559: Remove root certificates with 1024-bit keys

2021-03-16 Thread Severin Gehwolf
On Tue, 2021-03-16 at 10:39 +, Doerr, Martin wrote: > http://cr.openjdk.java.net/~mdoerr/8243559_root_ca_11u/webrev.00/ This looks good to me. Thanks, Severin

Re: [11u] RFR: 8243559: Remove root certificates with 1024-bit keys

2021-03-16 Thread Severin Gehwolf
Hi Martin, On Mon, 2021-03-15 at 17:10 +, Doerr, Martin wrote: > 11u backport: > http://cr.openjdk.java.net/~mdoerr/8261209_xml_11u/webrev.00/ This doesn't look like the right webrev to me. Could you please double- check? Thanks, Severin

Re: [8u] RFR: 8232019: Add LuxTrust certificate updates to the existing root program

2019-12-20 Thread Severin Gehwolf
On Fri, 2019-12-20 at 07:42 +, Andrew John Hughes wrote: > > On 19/12/2019 20:13, Severin Gehwolf wrote: > > snip... > > > > > > > Going on this & the similar Amazon fix, I'd say we should backport > > > JDK-8193255 & JDK-8225392 firs

Re: [8u] RFR: 8232019: Add LuxTrust certificate updates to the existing root program

2019-12-19 Thread Severin Gehwolf
Hi Andrew, On Thu, 2019-12-19 at 19:29 +, Andrew John Hughes wrote: > > On 17/12/2019 19:30, Severin Gehwolf wrote: > > Hi, > > > > Could I please get a review of this OpenJDK 8u backport of 8232019. The > > JDK 11 patch did not apply cleanly for a couple of re

Re: [8u] RFR: 8233223: Add Amazon Root CA certificates

2019-12-19 Thread Severin Gehwolf
ttp://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8232019/jdk8/01/webrev/raw_files/new/src/share/lib/security/cacerts Thanks, Severin > So thumbs up from me (for both, this one and 8232019). > > Best regards, > Volker > > On Tue, Dec 17, 2019 at 8:39 PM Severin Gehwolf wrot

[8u] RFR: 8233223: Add Amazon Root CA certificates

2019-12-17 Thread Severin Gehwolf
Hi, Could I please get a review of this OpenJDK 8u backport of 8233223 which depends on 8u backport of 8232019[1]. The JDK 11u patch did not apply cleanly for a couple of reasons: 1. 8u still has the binary blob for cacerts (JDK-8193255 not backported, yet). Instead, I've updated to the

[8u] RFR: 8232019: Add LuxTrust certificate updates to the existing root program

2019-12-17 Thread Severin Gehwolf
Hi, Could I please get a review of this OpenJDK 8u backport of 8232019. The JDK 11 patch did not apply cleanly for a couple of reasons: 1. 8u still has the binary blob for cacerts (JDK-8193255 not backported, yet). Instead, I've updated to the revision in jdk11u, performed a build

Re: [8u] RFR: 8226607: Inconsistent info between pcsclite.md and MUSCLE headers

2019-09-25 Thread Severin Gehwolf
On Wed, 2019-09-25 at 15:59 +0100, Andrew John Hughes wrote: > On 02/09/2019 16:05, Severin Gehwolf wrote: > > On Mon, 2019-09-02 at 15:38 +0100, Andrew John Hughes wrote: > > > On 26/08/2019 14:24, Severin Gehwolf wrote: > > > > Hi, > > > > > > &g

Re: [8u] RFR: 8226607: Inconsistent info between pcsclite.md and MUSCLE headers

2019-09-02 Thread Severin Gehwolf
On Mon, 2019-09-02 at 15:38 +0100, Andrew John Hughes wrote: > > On 26/08/2019 14:24, Severin Gehwolf wrote: > > Hi, > > > > Could I get a review of this follow-up fix for an 8u backport (JDK- > > 8218780)? This follow-up re-adds a COPYING file to the MUSCLE pcsc &g

Re: [8u] RFR: 8218780: Update MUSCLE PCSC-Lite header files

2019-09-02 Thread Severin Gehwolf
Hi Andrew, Thanks for the review! On Wed, 2019-08-28 at 18:15 +0100, Andrew John Hughes wrote: > On 26/08/2019 14:23, Severin Gehwolf wrote: > > Hi, > > > > Could I please get a review of this MUSCLE header files update in > > OpenJDK 8u? I'd like to backport t

[8u] RFR: 8226607: Inconsistent info between pcsclite.md and MUSCLE headers

2019-08-26 Thread Severin Gehwolf
Hi, Could I get a review of this follow-up fix for an 8u backport (JDK- 8218780)? This follow-up re-adds a COPYING file to the MUSCLE pcsc library header files removed by the JDK-8218780 backport. The patch differs from the version in JDK 11 since there is no pcsclite.md file in OpenJDK 8u. Bug:

[8u] RFR: 8218780: Update MUSCLE PCSC-Lite header files

2019-08-26 Thread Severin Gehwolf
Hi, Could I please get a review of this MUSCLE header files update in OpenJDK 8u? I'd like to backport this bug as it's also going to be in Oracle JDK 8u231 (equiv to OpenJDK 8u232) as well. The OpenJDK 11 patch applies almost cleanly post path-unshuffling. Changes which didn't apply were a copy

Re: [11u] RFR(XS): 8224991: Problemlist javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java

2019-08-09 Thread Severin Gehwolf
Hi Christoph, On Fri, 2019-08-09 at 15:04 +, Langer, Christoph wrote: > Hi, > > please review the problemlisting of > javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java in jdk11u. > There's an issue with the test, tracked by JDK-8212096. We see this > issue in 11u testing, too. In jdk/

Re: [8u] RFR: 8203190: SessionId.hashCode generates too many collisions

2019-05-17 Thread Severin Gehwolf
//cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8203190/03/webrev/ Cheers, Severin > best regards, > > -- daniel > > On 17/05/2019 17:00, Severin Gehwolf wrote: > > On Fri, 2019-05-17 at 16:28 +0100, Andrew John Hughes wrote: > > > On 17/05/2019 12:37, Severin Gehwolf wr

Re: [8u] RFR: 8203190: SessionId.hashCode generates too many collisions

2019-05-17 Thread Severin Gehwolf
On Fri, 2019-05-17 at 16:28 +0100, Andrew John Hughes wrote: > > On 17/05/2019 12:37, Severin Gehwolf wrote: > > snip... > > > The reason was that it's not a good test to be run automatically. It > > would have to have some heuristic which it uses as "pa

Re: [8u] RFR: 8203190: SessionId.hashCode generates too many collisions

2019-05-17 Thread Severin Gehwolf
On Fri, 2019-05-17 at 12:07 +0200, Aleksey Shipilev wrote: > On 5/16/19 7:51 PM, Severin Gehwolf wrote: > > Could I please get a review of this OpenJDK 8u only fix? JDKs 11+ don't > > seem to have this issue as with the TLS 1.3 feature (JDK-8196584) > > SessionId.has

Re: [8u] RFR: 8203190: SessionId.hashCode generates too many collisions

2019-05-17 Thread Severin Gehwolf
On Thu, 2019-05-16 at 19:10 +0100, Andrew John Hughes wrote: > > Change looks good. Thanks for the review. > Is there a reason the tests aren't included in the webrev? I think it > would be better to have them checked in, even if they can't be run > automatically. The reason was that it's not a

[8u] RFR: 8203190: SessionId.hashCode generates too many collisions

2019-05-16 Thread Severin Gehwolf
Hi, Could I please get a review of this OpenJDK 8u only fix? JDKs 11+ don't seem to have this issue as with the TLS 1.3 feature (JDK-8196584) SessionId.hashCode() got changed to use Arrays.hashCode() already. webrev: http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8203190/01/webrev/ Bug: https:

Re: Refresh cacert File?

2019-04-18 Thread Severin Gehwolf
Hi, On Wed, 2019-04-17 at 22:43 +, Bernd Eckenfels wrote: > hello, > > I think it was discussed on security-dev before but did not result in > some action as far as I understand it. Currently the „cacert“ file > shipped with 8u upstream builds is a bit outdated. It contains > multiple expire

Re: [RFR] [8u] 8220641, , New test KdcPolicy.java introduced by JDK-8164656 needs same change as JDK-8190690

2019-03-15 Thread Severin Gehwolf
Hi Andrew, On Fri, 2019-03-15 at 04:55 +, Andrew John Hughes wrote: > Bug: https://bugs.openjdk.java.net/browse/JDK-8220641 > Webrev: > https://cr.openjdk.java.net/~andrew/openjdk8/8220641/webrev.01/ > > This is the patch we split out from my original post for 8175120. It > applies the same

Re: [8u] [RFR] 8175120: Remove old tests on kdc timeout policy

2019-03-12 Thread Severin Gehwolf
Adding security-dev as reviews should happen on the corresponding area lists. Even for 8. On Mon, 2019-03-11 at 07:50 +, Andrew John Hughes wrote: > Bug: https://bugs.openjdk.java.net/browse/JDK-8175120 > Webrev: https://cr.openjdk.java.net/~andrew/openjdk8/8175120/webrev.01/ This looks OK to

Re: TLSv1.3 HttpsServer endless loop based on client socket i/o shutdown

2019-03-06 Thread Severin Gehwolf
On Mon, 2019-02-11 at 10:58 +0100, Daniel Fuchs wrote: > It looks like this is JDK-8214418 - which has been fixed > in 12.0.1 b03 and 13-ea b04. Is there any reason why JDK-8214418 is not public? "You can't view this issue" Thanks, Severin

Re: JDK-8215102 (Follow-up)

2019-01-25 Thread Severin Gehwolf
Hi Jaikiran, On Fri, 2019-01-25 at 09:47 +0530, Jaikiran Pai wrote: > Hello Severin, > > Thank you for spending time on this. Although that JIRA was raised for > in context of MySQL driver, having watched this discussion and looked a > bit into the exception stacktrace, I think it's not really sp

Re: JDK-8215102 (Follow-up)

2019-01-24 Thread Severin Gehwolf
no errors there on WildFly 15.0.1 and JDK > > 11. > > > > 3. I will also try to fall back to JDK 8 and see if it continues in > > WildFly 15.0.1. > > > > 4. The error occurs -- it would seem -- as the pool closes idle > > connections. > > >

Re: JDK-8215102 (Follow-up)

2019-01-21 Thread Severin Gehwolf
me across them in our day to day use > > of > > > Java. > > > > If there are good reproducers for bugs this would be very welcome. > > Thanks for investing some time in this! > > > > Cheers, > > Severin > > > > [1] http://openjdk.java

Re: JDK-8215102 (Follow-up)

2019-01-21 Thread Severin Gehwolf
/bylaws#author http://openjdk.java.net/projects/#project-author [2] http://oss.oracle.com/oca.pdf > Cordially, > Dennis > den...@gesker.com > > On Fri, Jan 18, 2019 at 10:07 AM Severin Gehwolf > wrote: > > On Thu, 2019-01-17 at 10:00 -0700, Dennis Gesker wrote: &

Re: JDK-8215102 (Follow-up)

2019-01-18 Thread Severin Gehwolf
On Thu, 2019-01-17 at 10:00 -0700, Dennis Gesker wrote: [...] > Added the -Djavax.net.debug=all option to my Wildfly startup and > waited for the pool to close a connection to MySql at AWS. > > TXT file attached. > > javac 11.0.1 > mysql jdbc driver 8.0.13 > wildfly 15.0.1 > > --drg Unfortunat

Re: Problems with AES-GCM native acceleration

2018-11-14 Thread Severin Gehwolf
Dropping hotspot-dev and adding security-dev. On Wed, 2018-11-14 at 14:39 +0200, Gidon Gershinsky wrote: > Hi, > > We are working on an encryption mechanism at the Apache Parquet - > that will enable efficient analytics on encrypted data by frameworks > such as Apache Spark. > https://github.co

Re: DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Severin Gehwolf
Hi Sean, On Wed, 2018-10-10 at 07:59 -0400, Sean Mullan wrote: > On 10/10/18 6:23 AM, Severin Gehwolf wrote: > > Hi, > > > > What is the rationale of using DSA keys (2048 bit) as default for > > genkeypair command? > > http://hg.openjdk.java.net/jdk/jdk/file

DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Severin Gehwolf
Hi, What is the rationale of using DSA keys (2048 bit) as default for genkeypair command? http://hg.openjdk.java.net/jdk/jdk/file/c4a39588a075/src/java.base/share/classes/sun/security/tools/keytool/Main.java#l1120 It seems a bad choice given that DSA keys are disabled via Fedora's crypto policy (

Re: Bug in HttpClient

2018-07-20 Thread Severin Gehwolf
Adding net-dev On Fri, 2018-07-20 at 08:52 +0200, Thomas Lußnig wrote: > Hi, > I found a bug in JDK 10 with the new HttpClient. It does not handle > responses without contentlength correctly. > Normally I would expect that the content is returned even without > content length. Since I can not ope

Re: On 8202598: [linux] keytool -certreq inconsistent with platform line.separator

2018-06-27 Thread Severin Gehwolf
Hi Max, On Wed, 2018-06-27 at 09:15 +0800, Weijun Wang wrote: > Hi Severin and/or Andrew > > I'm going through all security bugs with JDK 11 in affected versions and > noticed this one: > >8202598: [linux] keytool -certreq inconsistent with platform line.separator >https://bugs.openjdk.

Re: RFR 8191137: keytool fails to format resource strings for keys for some languages after JDK-8171319

2017-11-14 Thread Severin Gehwolf
On Tue, 2017-11-14 at 18:47 +0800, Wang Weijun wrote: > > On 2017-11-14, at 18:02, Severin Gehwolf wrote: > > > > This looks fine, but I wonder if a regression test would be in > > order. > > E.g. test/sun/security/tools/keytool/WeakAlg.java with > > -Duser.language

Re: RFR 8191137: keytool fails to format resource strings for keys for some languages after JDK-8171319

2017-11-14 Thread Severin Gehwolf
Hi, On Tue, 2017-11-14 at 12:20 +0800, Weijun Wang wrote: > keytool contains a printf("%d-bit %s key", 1024, "RSA") call but when it's > translated into French the call becomes printf("Clave %s de %d bits", 1024, > "RSA") and %s does not match 1024. > > The fix adds position parameters to print

Re: Review Request for 9000142: PlatformPCSC.java loading unversioned native shared library

2013-04-25 Thread Severin Gehwolf
but does not hold once libpcsclite.so.2 comes out? Cheers, Severin [1] https://bugzilla.redhat.com/show_bug.cgi?id=910107 > On 04/24/13 04:05, Florian Weimer wrote: > > On 03/01/2013 11:30 AM, Severin Gehwolf wrote: > >> Hi, > >> > >> The bug for this review re

Re: Review Request for 9000142: PlatformPCSC.java loading unversioned native shared library

2013-04-25 Thread Severin Gehwolf
On Wed, 2013-04-24 at 13:05 +0200, Florian Weimer wrote: > On 03/01/2013 11:30 AM, Severin Gehwolf wrote: > > Hi, > > > > The bug for this review request is at: > > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=9000142 > > > > In PlatformPCSC.java unv

Re: Review Request for 9000142: PlatformPCSC.java loading unversioned native shared library

2013-04-24 Thread Severin Gehwolf
On Fri, 2013-03-01 at 11:30 +0100, Severin Gehwolf wrote: > Hi, > > The bug for this review request is at: > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=9000142 > > In PlatformPCSC.java unversioned native libraries are loaded by default > if no system property is

Review Request for 9000142: PlatformPCSC.java loading unversioned native shared library

2013-03-01 Thread Severin Gehwolf
Hi, The bug for this review request is at: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=9000142 In PlatformPCSC.java unversioned native libraries are loaded by default if no system property is specified. This could lead to a JVM crash if the API of the native library changes, but the Java c

Re: 8002344 code review request: (was Re: [PATCH] for bug 2376501: Krb5LoginModule config class does not return proper KDC list from DNS)

2012-11-19 Thread Severin Gehwolf
t; That's line 288. Are you suggesting that port string can be > >>>>> non-numeric > >>>>> and need a check? > >>>>> > >>>>>> > >>>>>> dns.sh: > >>>>>> Why we need Shell script here? &g

Re: 8002344 code review request: (was Re: [PATCH] for bug 2376501: Krb5LoginModule config class does not return proper KDC list from DNS)

2012-11-13 Thread Severin Gehwolf
;t access it. Cheers, Severin [1] Forwarded this bug email to you privately. > On 11/13/2012 06:43 PM, Severin Gehwolf wrote: > > Hi Max, > > > > On Fri, 2012-11-09 at 08:38 +0800, Weijun Wang wrote: > >> Hi Severin > >> > >> I've created a

Re: 8002344 code review request: (was Re: [PATCH] for bug 2376501: Krb5LoginModule config class does not return proper KDC list from DNS)

2012-11-13 Thread Severin Gehwolf
Hi Max, On Fri, 2012-11-09 at 08:38 +0800, Weijun Wang wrote: > Hi Severin > > I've created an OpenJDK bug and created a new webrev: > > http://cr.openjdk.java.net/~weijun/8002344/webrev.00/ > > The Config.java change is identical to yours, and I added a small tweak > in KrbServiceLocator,

Re: [PATCH] for bug 2376501: Krb5LoginModule config class does not return proper KDC list from DNS

2012-11-08 Thread Severin Gehwolf
dk/2376501/webrev.1/ > BTW, are you OK with contributing the fix into OpenJDK main repo? Yes, of course :) Just let me know what's to be done to get it pushed. Cheers, Severin > On 11/06/2012 11:08 PM, Severin Gehwolf wrote: > > Hi, > > > > In Config.java, line 1234

[PATCH] for bug 2376501: Krb5LoginModule config class does not return proper KDC list from DNS

2012-11-06 Thread Severin Gehwolf
Hi, In Config.java, line 1234 in method getKDCFromDNS(String realm) there is a loop which discards earlier values of KDCs returned rather than concatenating them. This results in a behaviour where only one KDC in a seemingly random fashion is returned. In fact, the KDC returned depends on the orde