On Tue, 15 Feb 2022 16:12:17 GMT, Michael Osipov wrote:
> I don't expect any new ASN.1 string types to be added in the future, but of
> someone decides to create a public ASN.1
I've seen new string types that need 2 bytes tag, but don't know if they are
used anywhere.
Also, there are existi
On Tue, 15 Feb 2022 15:16:58 GMT, Weijun Wang wrote:
>> The enhancement adds two extra items in the `getSubjectAlternativeNames()`
>> output for an OtherName.
>>
>> It also fix several errors:
>> 1. In `OtherName.java`, `nameValue` should be the value inside `CO
On Tue, 15 Feb 2022 15:59:42 GMT, Michael Osipov wrote:
> > ```
> > 2. I feel a little uneasy of the new `if` and `otherwise` words inside
> > parentheses, especially the second one which seems out of nowhere. Please
> > suggest better wording if possible.
> > ```
>
>
> What about?
>
>
> ``
On Tue, 15 Feb 2022 15:46:10 GMT, Michael Osipov wrote:
>> I have difficulty describing `!(a && b)`. There is no parentheses in human
>> language and `!` has higher order than `&&`.
>>
>> I thought about completely reverse the block but that means everything after
>> the throw will be inside a
On Tue, 15 Feb 2022 15:28:29 GMT, Michael Osipov wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> string at 4th place
>
> src/java.base/share/classes/sun/security/x509/OtherName.java
On Tue, 15 Feb 2022 15:50:07 GMT, Michael Osipov wrote:
> Are you going to address this separately or document to be implicitly fixed
> by this PR?
Normally we close the other one as a duplicate. I'll do it now.
-
PR: https://git.openjdk.java.net/jdk/pull/7167
On Tue, 15 Feb 2022 15:21:08 GMT, Michael Osipov wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> string at 4th place
>
> test/jdk/sun/security/x509/OtherName/Parse.java line 89:
&
On Fri, 11 Feb 2022 17:13:46 GMT, Weijun Wang wrote:
>> The enhancement adds two extra items in the `getSubjectAlternativeNames()`
>> output for an OtherName.
>>
>> It also fix several errors:
>> 1. In `OtherName.java`, `nameValue` should be the value inside `CO
gument in constructor `extClass.getConstructor(Object.class)` is
> suspicious. Maybe it meant `byte[]`.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
string at 4th place
-
Changes:
- all: https://git.openjdk.java.net/jdk
On Tue, 15 Feb 2022 14:36:35 GMT, Weijun Wang wrote:
>> Your words are more precise. A reader should check the size first. A new
>> commit pushed and the CSR is also updated.
>
>> @wangweij I would highly recommend to address this ticket first:
>> https://bugs.
On Tue, 15 Feb 2022 09:10:22 GMT, Michael Osipov wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> specifies the type of the 4th element
>
> src/java.base/share/classes/sun/securi
On Thu, 10 Feb 2022 21:09:45 GMT, Weijun Wang wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> wording, title
>
> Your words are more precise. A reader should check the size first. A ne
On Fri, 11 Feb 2022 14:58:30 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> more precise spec
>
> src/java.base/share/classes/java/security/cert/X509Certificate.java
gument in constructor `extClass.getConstructor(Object.class)` is
> suspicious. Maybe it meant `byte[]`.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
specifies the type of the 4th element
-
Changes:
- all: https://git.openjd
On Thu, 10 Feb 2022 16:47:55 GMT, Weijun Wang wrote:
>> The enhancement adds two extra items in the `getSubjectAlternativeNames()`
>> output for an OtherName.
>>
>> It also fix several errors:
>> 1. In `OtherName.java`, `nameValue` should be the value inside `CO
gument in constructor `extClass.getConstructor(Object.class)` is
> suspicious. Maybe it meant `byte[]`.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
more precise spec
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7
On Thu, 20 Jan 2022 19:42:22 GMT, Weijun Wang wrote:
> The enhancement adds two extra items in the `getSubjectAlternativeNames()`
> output for an OtherName.
>
> It also fix several errors:
> 1. In `OtherName.java`, `nameValue` should be the value inside `CONTEXT [0]`
> w
gument in constructor `extClass.getConstructor(Object.class)` is
> suspicious. Maybe it meant `byte[]`.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
wording, title
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7
On Thu, 10 Feb 2022 13:45:16 GMT, Sean Mullan wrote:
> Looks good, but I think a CSR should also be filed.
Sure, I'll write one now. I've added the `csr` label so that I will not forget
about it. Just want to delay the writing after we agree on the text.
> src/java.base/share/classes/java/secu
On Wed, 9 Feb 2022 06:34:40 GMT, Hai-May Chao wrote:
>> This is to fix `DomainKeyStore::engineAliases` to take into account that
>> there may be empty keystore(s) within the collection of keystores of a
>> domain keystore.
>
> Hai-May Chao has updated the pull request incrementally with one add
On Tue, 8 Feb 2022 17:13:53 GMT, Hai-May Chao wrote:
> This is to fix `DomainKeyStore::engineAliases` to take into account that
> there may be empty keystore(s) within the collection of keystores of a domain
> keystore.
Looks good to me.
Do you want to play with text blocks in the test for `t
On Thu, 3 Feb 2022 17:12:05 GMT, Weijun Wang wrote:
> Add the `-providerPath` option to jarsigner to be consistent with keytool.
This pull request has now been integrated.
Changeset: 2ed1f4cf
Author: Weijun Wang
URL:
https://git.openjdk.java.net/jdk/com
On Tue, 1 Feb 2022 21:54:29 GMT, Sean Mullan wrote:
> This fixes a bootstrapping issue if a custom system class loader is set with
> the `-Djava.system.class.loader` option and the custom class loader is inside
> a signed JAR. In order to load the custom class loader, the runtime must
> verif
> The option means there is no need to provide a password when loading a
> keystore. In some places in jarsigner and keytool, even with the option
> specified, password is still prompted for or warnings are still shown.
Weijun Wang has updated the pull request incrementally with one a
On Thu, 3 Feb 2022 19:11:17 GMT, Hai-May Chao wrote:
> Code change looks good to me.
> I have a comment on the CSR. The “Options for jarsigner” section in
> `jarsigner` manpage, where it describes `-digestalg algorithm` and `-sigalg
> algorithm`, we would update it to include this new option `-
The option means there is no need to provide a password when loading a
keystore. In some places in jarsigner and keytool, even with the option
specified, password is still prompted for or warnings are still shown.
-
Commit messages:
- 8281234: The -protected option is not always ch
> Add the `-providerPath` option to jarsigner to be consistent with keytool.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
no need to append to null
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7338/fi
On Thu, 3 Feb 2022 18:03:48 GMT, Xue-Lei Andrew Fan wrote:
>> Add the `-providerPath` option to jarsigner to be consistent with keytool.
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 256:
>
>> 254: String path = null;
>> 255:
Add the `-providerPath` option to jarsigner to be consistent with keytool.
-
Commit messages:
- 8281175: Add a -providerPath option to jarsigner
Changes: https://git.openjdk.java.net/jdk/pull/7338/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7338&range=00
Issue: ht
On Thu, 3 Feb 2022 03:42:33 GMT, Xue-Lei Andrew Fan wrote:
>> A hostname in an URL ending with a dot is valid (See RFC 1034). However, it
>> is not a valid SNI hostname. The ending dot should be ignored while
>> checking the hostname with SNI or the name in a X.509 certificate.
>>
>> The upd
On Wed, 26 Jan 2022 18:58:07 GMT, Xue-Lei Andrew Fan wrote:
>> A hostname in an URL ending with a dot is valid (See RFC 1034). However, it
>> is not a valid SNI hostname. The ending dot should be ignored while
>> checking the hostname with SNI or the name in a X.509 certificate.
>>
>> The up
On Wed, 26 Jan 2022 16:25:24 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> removed ^M from test
>
> test/jdk/sun/security/krb5/auto/HttpsCB.java line 120:
>
>> 118:
>> 119: boolean
On Wed, 26 Jan 2022 16:27:29 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> removed ^M from test
>
> test/jdk/sun/security/krb5/auto/HttpsCB.java line 201:
>
>> 199: return reader
On Tue, 25 Jan 2022 00:13:32 GMT, Xue-Lei Andrew Fan wrote:
> A hostname in an URL ending with a dot is valid (See RFC 1034). However, it
> is not a valid SNI hostname. The ending dot should be ignored while checking
> the hostname with SNI or the name in a X.509 certificate.
>
> The update
On Mon, 24 Jan 2022 22:11:51 GMT, Michael McMahon wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively inclu
On Fri, 14 Jan 2022 11:18:23 GMT, Masanori Yano wrote:
>> Could you please review the JDK-8255739 bug fix?
>>
>> I think sun.security.x509.SubjectAlternativeNameExtension() should throw an
>> exception for incorrect SubjectAlternativeNames instead of returning the
>> substituted characters, wh
On Mon, 24 Jan 2022 15:54:01 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/security/util/TlsChannelBinding.java line
>> 100:
>>
>>> (failed to retrieve contents of file, check the PR for context)
>> I think this method should stay here. Suppose one day the CBT type is
>> confi
On Mon, 24 Jan 2022 13:54:12 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains eight additional
>> com
On Fri, 21 Jan 2022 15:40:16 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> more tidy-up
>
> src/java.naming/share/classes/com/sun/jndi/ldap/sasl/LdapSasl.java line 144:
>
>> 142:
On Mon, 24 Jan 2022 13:36:47 GMT, Michael McMahon wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively inclu
On Fri, 21 Jan 2022 16:02:29 GMT, Michael McMahon wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively inclu
On Fri, 21 Jan 2022 16:02:29 GMT, Michael McMahon wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively inclu
On Thu, 20 Jan 2022 18:19:19 GMT, Weijun Wang wrote:
> Set `output_token` to empty. It is always accessed (even for a
> `GSS_S_FAILURE`) at
> https://github.com/openjdk/jdk/blob/cfa3f7493149170f2b23a516bc95110dab43fd06/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c#L1160.
The enhancement adds two extra items in the `getSubjectAlternativeNames()`
output for an OtherName.
It also fix several errors:
1. In `OtherName.java`, `nameValue` should be the value inside `CONTEXT [0]`
without the tag and length bytes.
2. The argument in constructor `extClass.getConstructor(O
Set `output_token` to empty. It is always accessed (even for a `GSS_S_FAILURE`)
at
https://github.com/openjdk/jdk/blob/cfa3f7493149170f2b23a516bc95110dab43fd06/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c#L1160.
-
Commit messages:
- 8280401: [sspi] gss_accept_sec_conte
On Wed, 19 Jan 2022 22:18:32 GMT, Weijun Wang wrote:
> Two edits.
This pull request has now been integrated.
Changeset: 98d96a77
Author: Weijun Wang
URL:
https://git.openjdk.java.net/jdk/commit/98d96a770756ffe3e7f5e4b82120e9fb484cad9a
Stats: 2 lines in 1 file changed: 0 ins
> Two edits.
Weijun Wang has refreshed the contents of this pull request, and previous
commits have been removed. The incremental views will show differences compared
to the previous content of the PR. The pull request contains two new commits
since the last revision:
- year
- Upd
On Wed, 19 Jan 2022 22:57:06 GMT, Sergey Bylokhov wrote:
>> Two edits.
>
> src/java.desktop/share/classes/javax/swing/plaf/basic/BasicFileChooserUI.java
> line 727:
>
>> 725: Handler handler;
>> 726: /**
>> 727: * Constructs a {@code DoubleClickListener}.
>
> This chan
On Wed, 19 Jan 2022 22:20:47 GMT, Michael McMahon wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively inclu
Two edits.
-
Commit messages:
- Another year
- year
- Update DigestMD5Base.java
- 8279796: Fix typo: Constucts -> Constructs
Changes: https://git.openjdk.java.net/jdk/pull/7147/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7147&range=00
Issue: https://bugs.openjd
On Tue, 18 Jan 2022 19:33:19 GMT, Xue-Lei Andrew Fan wrote:
>> If so, should the `SupportedVersionsExtension` get a more precise
>> description as well?
>
>> If so, should the `SupportedVersionsExtension` get a more precise
>> description as well?
>
> I did not get the point. Did you mean to
On Tue, 18 Jan 2022 16:13:42 GMT, Xue-Lei Andrew Fan wrote:
>> MessageFormat messageFormat = new MessageFormat(
>> ""versions": '['{0}']'", Locale.ENGLISH);
>>
>> In class SupportedGroupsExtension, the above "versions" should be "named
>> groups".
>
> src/java.base/share/classes/sun/securit
On Tue, 18 Jan 2022 11:11:49 GMT, John Jiang wrote:
> MessageFormat messageFormat = new MessageFormat(
> ""versions": '['{0}']'", Locale.ENGLISH);
>
> In class SupportedGroupsExtension, the above "versions" should be "named
> groups".
Marked as reviewed by weijun (Reviewer).
-
On Fri, 14 Jan 2022 10:18:50 GMT, Daniel Fuchs wrote:
>> This is what was intended (equivalent)
>>
>> `if (s ==null || (s!="always" && s!="never" && !s.startsWith("domain")))`
>
> Argh - you're right I missed the fact that the 3 expressions where included
> in parenthesis. I read it as
>
> !
On Fri, 14 Jan 2022 18:40:41 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/http/HttpClient.java line 152:
>>
>>> 150: * If enabled (for a particular destination) then SPNEGO
>>> authentication requests will include
>>> 151: * a channel binding token for the de
On Fri, 14 Jan 2022 18:42:08 GMT, Michael McMahon wrote:
>> src/java.security.jgss/share/classes/module-info.java line 36:
>>
>>> 34: module java.security.jgss {
>>> 35: requires java.naming;
>>> 36: requires java.security.sasl;
>>
>> Someone from security-dev should probably review thi
On Fri, 7 Jan 2022 19:35:56 GMT, Weijun Wang wrote:
> Please review this enhancement and its
> [CSR](https://bugs.openjdk.java.net/browse/JDK-8279632). Two new options `-s
> salt` and `-f` can be specified on the `ktab` command when adding entries.
>
> I'm a little
On Thu, 13 Jan 2022 21:40:16 GMT, Weijun Wang wrote:
>> Please review this enhancement and its
>> [CSR](https://bugs.openjdk.java.net/browse/JDK-8279632). Two new options `-s
>> salt` and `-f` can be specified on the `ktab` command when adding entries.
>>
>> I&
On Thu, 13 Jan 2022 21:57:57 GMT, Sean Mullan wrote:
>> If a JAR is signed with multiple digest algorithms and one of the digest
>> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
>> returning null indicating that the jar entry has no signers.
>>
>> This fixes the iss
On Thu, 13 Jan 2022 19:54:44 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
>> line 211:
>>
>>> 209: }
>>> 210:
>>> 211: CodeSigner[] entrySigners = sigFileSigners.get(name);
>>
>> What if we return here if `entrySigners ==
On Thu, 13 Jan 2022 20:26:05 GMT, Valerie Peng wrote:
>> Same goes for test/jdk/sun/security/krb5/auto/Context.java.
>
> And test/jdk/sun/security/krb5/tools/KtabCheck.java.
Yes.
-
PR: https://git.openjdk.java.net/jdk/pull/6991
On Thu, 13 Jan 2022 19:45:37 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> duplicate words, and another year
>
> src/java.security.jgss/windows/classes/sun/security
On Thu, 13 Jan 2022 19:52:55 GMT, Valerie Peng wrote:
>> src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Ktab.java
>> line 2:
>>
>>> 1: /*
>>> 2: * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights
>>> reserved.
>>
>> 2022
>
> Same goes for sun/securi
constructor which always uses the default salt. For consistency, it looks
> like a new constructor should be added that takes the salt string as a
> parameter as well. However, I don't intend to add it as I cannot see a proper
> usage for it. In fact, I now regret adding the
On Wed, 12 Jan 2022 21:57:22 GMT, Sean Mullan wrote:
> If a JAR is signed with multiple digest algorithms and one of the digest
> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
> returning null indicating that the jar entry has no signers.
>
> This fixes the issue su
On Tue, 11 Jan 2022 20:34:59 GMT, Weijun Wang wrote:
> Add OID aliases for the 2 service. This makes sure KeyFactory can be created
> and read an encoded key without knowing what the OID in the encoding is for.
This pull request has now been integrated.
Changeset: 0a839b43
Author:
On Tue, 11 Jan 2022 20:38:30 GMT, Weijun Wang wrote:
> Change the order so parent class is at the left.
This pull request has now been integrated.
Changeset: cb250298
Author: Weijun Wang
URL:
https://git.openjdk.java.net/jdk/commit/cb25029885b176be9ebbc84ac1a8ba71be96a6a7
St
On Wed, 12 Jan 2022 21:22:34 GMT, Valerie Peng wrote:
>> src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java line 322:
>>
>>> 320: */
>>> 321: putService(new ProviderServiceA(this, "KeyPairGenerator",
>>> 322: "EC", "sun.security.ec.ECKeyPairGenerator", ATTRS)
On Tue, 11 Jan 2022 20:38:30 GMT, Weijun Wang wrote:
> Change the order so parent class is at the left.
New commit pushed. Turns out `PBKDF2HmacSHA1Factory.java` is useless now. The
algorithm is now implemented as a sub-class of `PBKDF2Core`.
-
PR: https://git.openjdk.java.
> Change the order so parent class is at the left.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
8279800: isAssignableFrom checks in
AlgorithmParametersSpi.engineGetParameterSpec appear to be backwards
-
Chan
On Wed, 12 Jan 2022 19:31:31 GMT, Valerie Peng wrote:
>> If so, then the `if` block will be true and the spec object is casted to
>> your specified class (`AlgorithmParameterSpec.class` or `Object.class`) and
>> it always succeeds.
>>
>> This is exactly what I want to achieve. In fact, this bu
On Wed, 12 Jan 2022 19:41:31 GMT, Valerie Peng wrote:
>> Change the order so parent class is at the left.
>
> test/jdk/java/security/spec/IsAssignableFromOrder.java line 72:
>
>> 70: static void test(String algorithm, AlgorithmParameterSpec spec,
>> 71: Class... classes) throws
On Wed, 12 Jan 2022 07:29:04 GMT, John Jiang wrote:
>> In class `sun.security.ec.ECDHKeyAgreement`, the last `mod()` in the below
>> line looks redundant,
>>
>> BigInteger lhs = y.modPow(BigInteger.valueOf(2), p).mod(p);
>>
>> I think this tiny change just be a code cleanup, so no test for it
On Wed, 12 Jan 2022 06:08:29 GMT, Xue-Lei Andrew Fan wrote:
>> Change the order so parent class is at the left.
>
> src/java.base/share/classes/com/sun/crypto/provider/BlockCipherParamsCore.java
> line 111:
>
>> 109: T getParameterSpec(Class
>> paramSpec)
>> 110: throws InvalidPar
Change the order so parent class is at the left.
-
Commit messages:
- 8279800: isAssignableFrom checks in
AlgorithmParametersSpi.engineGetParameterSpec appear to be backwards
Changes: https://git.openjdk.java.net/jdk/pull/7037/files
Webrev: https://webrevs.openjdk.java.net/?repo=j
Add OID aliases for the 2 service. This makes sure KeyFactory can be created
and read an encoded key without knowing what the OID in the encoding is for.
-
Commit messages:
- 8279801: EC KeyFactory and KeyPairGenerator do not have aliases for OID
format
Changes: https://git.openjd
On Wed, 27 Oct 2021 18:49:26 GMT, Andrey Turbanov wrote:
>> Cleanup unused local variables. Looks like they are leftovers after
>> refactoring.
>
> Andrey Turbanov has updated the pull request with a new target base due to a
> merge or a rebase. The pull request now contains three commits:
>
>
Please review this enhancement and its
[CSR](https://bugs.openjdk.java.net/browse/JDK-8279632). Two new options `-s
salt` and `-f` can be specified on the `ktab` command when adding entries.
I'm a little concerned about the compatibility risk described in the CSR, i.e.
the `-f` option is alread
On Thu, 23 Dec 2021 11:59:18 GMT, Masanori Yano wrote:
> Could you please review the JDK-8255739 bug fix?
>
> I think sun.security.x509.SubjectAlternativeNameExtension() should throw an
> exception for incorrect SubjectAlternativeNames instead of returning the
> substituted characters, which i
On Wed, 5 Jan 2022 16:25:27 GMT, Weijun Wang wrote:
> 8279520: SPNEGO has not passed channel binding info into the underlying
> mechanism
This pull request has now been integrated.
Changeset: 8d0f385f
Author:Weijun Wang
URL:
https://git.openjdk.java.net/jdk/
8279520: SPNEGO has not passed channel binding info into the underlying
mechanism
-
Commit messages:
- 8279520: SPNEGO has not passed channel binding info into the underlying
mechanism
Changes: https://git.openjdk.java.net/jdk/pull/6969/files
Webrev: https://webrevs.openjdk.java.
On Mon, 3 Jan 2022 14:52:13 GMT, Matthias Baesken wrote:
> Hello , please review this XXS test adjustment. After 8278344, it has been
> commented that better shouldMatch should be used for the adjusted test
> parsing output of different OpenSSL versions.
Hurray! I see 2022!
-
Ma
On Tue, 14 Dec 2021 18:33:47 GMT, Valerie Peng wrote:
> Can someone help review this small fix? NSS returns PKCS11
> CKR_ATTRIBUTE_SENSITIVE error when trying to retrieve CKA_VALUE out of its
> token keys. So this fix is to add special handling for NSS token secret keys.
> There is already an
On Tue, 14 Dec 2021 18:33:47 GMT, Valerie Peng wrote:
> Can someone help review this small fix? NSS returns PKCS11
> CKR_ATTRIBUTE_SENSITIVE error when trying to retrieve CKA_VALUE out of its
> token keys. So this fix is to add special handling for NSS token secret keys.
> There is already an
On Tue, 14 Dec 2021 18:33:47 GMT, Valerie Peng wrote:
> Can someone help review this small fix? NSS returns PKCS11
> CKR_ATTRIBUTE_SENSITIVE error when trying to retrieve CKA_VALUE out of its
> token keys. So this fix is to add special handling for NSS token secret keys.
> There is already an
On Tue, 21 Dec 2021 16:31:57 GMT, Weijun Wang wrote:
> Before password-less PKCS12 keystores are supported, certificates in a PKCS12
> file are always encrypted. Therefore if one loads the keystore with a null
> pass, it contains `PrivateKeyEntry`s without certificates. This has alway
On Tue, 21 Dec 2021 16:31:57 GMT, Weijun Wang wrote:
> Before password-less PKCS12 keystores are supported, certificates in a PKCS12
> file are always encrypted. Therefore if one loads the keystore with a null
> pass, it contains `PrivateKeyEntry`s without certificates. This has alway
If you can find out a usage of a
> private key entry without any certificate and think it's worth kept that way,
> I can simply remove the `remove` call and leave the entry there.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last rev
On Mon, 20 Dec 2021 14:50:08 GMT, Daniel Jeliński wrote:
> Trivial change. Issue reported by
> [lgtm.com](https://lgtm.com/projects/g/openjdk/jdk/alerts/?mode=tree&lang=java&ruleFocus=1952840153).
Thanks. I'll run some tests before sponsoring it. Hopefully no one uses the
exact exception messa
On Mon, 20 Dec 2021 14:50:08 GMT, Daniel Jeliński wrote:
> Trivial change. Issue reported by
> [lgtm.com](https://lgtm.com/projects/g/openjdk/jdk/alerts/?mode=tree&lang=java&ruleFocus=1952840153).
Change looks good. Please add a colon after the bug ID in the title. Otherwise
Skara might not in
Before password-less PKCS12 keystores are supported, certificates in a PKCS12
file are always encrypted. Therefore if one loads the keystore with a null
pass, it contains `PrivateKeyEntry`s without certificates. This has always been
awkward (and most likely useless) so when JDK-8076190 introduce
On Fri, 10 Dec 2021 23:09:46 GMT, Weijun Wang wrote:
> Perfect match does not always appear at the beginning if there are multiple
> KeyTypes.
This pull request has now been integrated.
Changeset: 6412d57a
Author:Weijun Wang
URL:
https://git.openjdk.java.net/jdk/
On Wed, 8 Dec 2021 15:36:36 GMT, Weijun Wang wrote:
> Add check on `xpointer(id('name'))` format.
This pull request has now been integrated.
Changeset: 1f1db838
Author: Weijun Wang
URL:
https://git.openjdk.java.net/jdk/commit/1f1db838ab7d427170d59a8b55fdb45c4d80c359
On Tue, 14 Dec 2021 15:24:58 GMT, Weijun Wang wrote:
> Make the return value of `PKCS12KeyStore::engineGetAttributes` immutable.
> Gather the `getAttributes()` value into a new `HashSet` and then make it
> immutable. This ensures the final result itself is not mutable and it also
&
On Wed, 1 Dec 2021 17:03:24 GMT, Weijun Wang wrote:
> Update Public Suffix List data to the latest version at
> https://github.com/publicsuffix/list.
This pull request has been closed without being integrated.
-
PR: https://git.openjdk.java.net/jdk/pull/6643
Make the return value of `PKCS12KeyStore::engineGetAttributes` immutable.
Gather the `getAttributes()` value into a new `HashSet` and then make it
immutable. This ensures the final result itself is not mutable and it also will
not change even if the internal `entry.attributes` is modified.
On Thu, 9 Dec 2021 08:25:17 GMT, Matthias Baesken wrote:
> Please review this small test fix.
> KeytoolOpensslInteropTest.java fails with the output below.
> Seems on our SUSE Linux 15 (openssl is
> ~> openssl version
> OpenSSL 1.1.0i-fips 14 Aug 2018
> ) we get a slightly different output with a
Perfect match does not always appear at the beginning if there are multiple
KeyTypes.
-
Commit messages:
- 8278560: X509KeyManagerImpl::getAliases might return a good key with others
Changes: https://git.openjdk.java.net/jdk/pull/6804/files
Webrev: https://webrevs.openjdk.java.net
On Thu, 9 Dec 2021 19:34:12 GMT, Weijun Wang wrote:
> Add check on `xpointer(id('name'))` format.
This pull request has been closed without being integrated.
-
PR: https://git.openjdk.java.net/jdk18/pull/1
On Wed, 8 Dec 2021 15:36:36 GMT, Weijun Wang wrote:
> Add check on `xpointer(id('name'))` format.
This pull request has been closed without being integrated.
-
PR: https://git.openjdk.java.net/jdk/pull/6769
201 - 300 of 3227 matches
Mail list logo