On Fri, 22 Oct 2021 21:53:30 GMT, Bernd wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> renames
>
> src/java.base/share/classes/javax/security/auth/Subject.java line 475:
>
>>
On Fri, 22 Oct 2021 21:45:25 GMT, Bernd wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> renames
>
> src/java.base/share/classes/javax/security/auth/Subject.java line 325:
&g
On Mon, 25 Oct 2021 12:53:43 GMT, Sean Mullan wrote:
> The JDK implementation (as supplied by the "SUN" provider) of
> `X509Certificate::getSubjectAlternativeNames` and
> `X509Certificate::getIssuerAlternativeNames` returns `null` instead of
> throwing a `CertificateParsingException` when the
On Fri, 22 Oct 2021 23:50:38 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review of this change. It makes KeyPair implement Destroyable and
> implements the methods to call the underlying privateKey. It also sets the
> public and private key to 'final'.
>
> The bug includes a CSR and
On Fri, 22 Oct 2021 23:50:38 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review of this change. It makes KeyPair implement Destroyable and
> implements the methods to call the underlying privateKey. It also sets the
> public and private key to 'final'.
>
> The bug includes a CSR and
gt; `AccessControlContext` inside the call inherits the subject from the outer
> one.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
renames
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/5024/files
On Fri, 20 Aug 2021 22:44:34 GMT, Weijun Wang wrote:
> This change modifies the default value of the `java.security.manager` system
> property from "allow" to "disallow". This means unless it's explicitly set to
> "allow", any call to `System.s
On Thu, 21 Oct 2021 13:43:40 GMT, Sean Mullan wrote:
>> OK, but in the ctor `trustedPubKey` is also null.
>
> True, but that's because none of the fields are set yet, so it feels odd for
> the ctor to check if the field is null when it is always true, even if it is
> a different method. What
On Thu, 21 Oct 2021 12:06:39 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
>> line 363:
>>
>>> 361: // been specified.
>>> 362: if (this.prevPubKey == null) {
>>> 363: if (anchor == null) {
>>
>> This
On Wed, 20 Oct 2021 14:47:31 GMT, Sean Mullan wrote:
>> This fix improves the exception message to better indicate when the key (and
>> not the signature algorithm) is restricted. This change also includes a few
>> other improvements:
>>
>> - The constraints checking in
Support Cipher operations on CNG keys.
-
Depends on: https://git.openjdk.java.net/jdk/pull/6047
Commit messages:
- 8251134: Unwrapping a key with a Private Key generated by Microsoft CNG fails
Changes: https://git.openjdk.java.net/jdk/pull/6049/files
Webrev:
If a entry is overwritten by another one using the same alias, make sure the
old one is removed.
-
Commit messages:
- 8185844: MSCAPI doesn't list aliases correctly
Changes: https://git.openjdk.java.net/jdk/pull/6047/files
Webrev:
Add `KeyStore::getAttributes` so that one can get the attributes of an entry
without retrieving the entry first. This is especially useful for a private key
entry which can only be retrieved with a password.
-
Commit messages:
- 8225181: KeyStore should have a getAttributes method
On Thu, 14 Oct 2021 13:36:19 GMT, Weijun Wang wrote:
> The cacerts file is now a password-less PKCS12 file. This make sure old code
> that uses a JKS KeyStore object can continuously load it using a null
> password (in fact, any password) and see all certificates inside.
This pull re
> The cacerts file is now a password-less PKCS12 file. This make sure old code
> that uses a JKS KeyStore object can continuously load it using a null
> password (in fact, any password) and see all certificates inside.
Weijun Wang has updated the pull request incrementally with one a
On Tue, 19 Oct 2021 18:49:11 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> use a standard name
>
> make/jdk/src/classes/build/tools/generatecacerts/Generate
On Thu, 5 Aug 2021 20:10:44 GMT, Weijun Wang wrote:
> New `Subject` APIs `current()` and `callAs()` are created to be replacements
> of `getSubject()` and `doAs()` since the latter two methods are now
> deprecated for removal.
>
> In this implementation, by default, `cur
On Wed, 18 Aug 2021 15:01:12 GMT, Sean Mullan wrote:
>> New `Subject` APIs `current()` and `callAs()` are created to be replacements
>> of `getSubject()` and `doAs()` since the latter two methods are now
>> deprecated for removal.
>>
>> In this implementation, by default, `current()` returns
New `Subject` APIs `current()` and `callAs()` are created to be replacements of
`getSubject()` and `doAs()` since the latter two methods are now deprecated for
removal.
In this implementation, by default, `current()` returns the same value as
`getSubject(AccessController.getCurrent())` and
On Tue, 19 Oct 2021 15:26:52 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/util/AlgorithmDecomposer.java line
>> 48:
>>
>>> 46:"SHA-384", "SHA384", "SHA-512", "SHA512", "SHA-512/224",
>>> 47:"SHA512/224", "SHA-512/256", "SHA512/256");
>>>
On Wed, 13 Oct 2021 13:42:25 GMT, Sean Mullan wrote:
> This fix improves the exception message to better indicate when the key (and
> not the signature algorithm) is restricted. This change also includes a few
> other improvements:
>
> - The constraints checking in `AlgorithmChecker.check()`
On Tue, 19 Oct 2021 06:26:17 GMT, Hai-May Chao wrote:
>> It'd be useful to have a -version option for keytool and jarsigner. Many
>> other JDK tools already have a -version option. This is to add -version
>> option to keytool and jarsigner like jar command does.
>>
>> CSR review:
>>
On Tue, 19 Oct 2021 06:26:17 GMT, Hai-May Chao wrote:
>> It'd be useful to have a -version option for keytool and jarsigner. Many
>> other JDK tools already have a -version option. This is to add -version
>> option to keytool and jarsigner like jar command does.
>>
>> CSR review:
>>
On Tue, 19 Oct 2021 01:09:26 GMT, Hai-May Chao wrote:
>> It'd be useful to have a -version option for keytool and jarsigner. Many
>> other JDK tools already have a -version option. This is to add -version
>> option to keytool and jarsigner like jar command does.
>>
>> CSR review:
>>
On Mon, 4 Oct 2021 17:40:22 GMT, Weijun Wang wrote:
> Two changes:
>
> 1. Calculation of groups is put in a separate block.
> 2. Add fallback for uid and gid
>
> No regression test. Hard to reproduce bud reporter's environment in jtreg.
This pull request has now been inte
On Fri, 15 Oct 2021 14:12:55 GMT, Magnus Ihse Bursie wrote:
>> make/jdk/src/classes/build/tools/generatecacerts/GenerateCacerts.java line
>> 74:
>>
>>> 72: cert = (X509Certificate) cf.generateCertificate(fis);
>>> 73: }
>>> 74:
On Thu, 14 Oct 2021 22:53:42 GMT, Weijun Wang wrote:
> Just re-load the CredentialsCache like we did on non-Windows non-macOS
> systems.
This pull request has now been integrated.
Changeset: 8e020642
Author:Weijun Wang
URL:
https://git.openjdk.java.net/jdk/
On Thu, 14 Oct 2021 16:04:08 GMT, Hai-May Chao wrote:
> It'd be useful to have a -version option for keytool and jarsigner. Many
> other JDK tools already have a -version option. This is to add -version
> option to keytool and jarsigner like jar command does.
>
> CSR review:
>
> Just re-load the CredentialsCache like we did on non-Windows non-macOS
> systems.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
test info
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/5960/files
On Fri, 15 Oct 2021 12:54:37 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> test info
>
> test/jdk/sun/security/krb5/ccache/Refresh.java line 26:
>
>>
Just re-load the CredentialsCache like we did on non-Windows non-macOS systems.
-
Commit messages:
- 8049520: FileCredentialsCache loads cache once and is never refreshed
Changes: https://git.openjdk.java.net/jdk/pull/5960/files
Webrev:
On Thu, 14 Oct 2021 13:36:19 GMT, Weijun Wang wrote:
> The cacerts file is now a password-less PKCS12 file. This make sure old code
> that uses a JKS KeyStore object can continuously load it using a null
> password (in fact, any password) and see all certificates inside.
For pass
On Thu, 14 Oct 2021 13:36:19 GMT, Weijun Wang wrote:
> The cacerts file is now a password-less PKCS12 file. This make sure old code
> that uses a JKS KeyStore object can continuously load it using a null
> password (in fact, any password) and see all certificates inside.
No
On Thu, 14 Oct 2021 19:07:55 GMT, Michael Osipov wrote:
> Generating this trust store with Java code like I do?
What do you mean "like you do"? If you accept the proposed format in this PR,
then just follow what `GenerateCACerts.java` is doing and how it's called. If
you are thinking about
On Thu, 14 Oct 2021 13:36:19 GMT, Weijun Wang wrote:
> The cacerts file is now a password-less PKCS12 file. This make sure old code
> that uses a JKS KeyStore object can continuously load it using a null
> password (in fact, any password) and see all certificates inside.
If
You can create a password-less PKCS12 KeyStore file now by calling
`ks.store(outStream, null)` no matter what the default cert protection
algorithm and Mac algorithm are defined in `java.security`.
-
Commit messages:
- 8231107: Storing PKCS12 keystore without integrity protection
The cacerts file is now a password-less PKCS12 file. This make sure old code
that uses a JKS KeyStore object can continuously load it using a null password
(in fact, any password) and see all certificates inside.
-
Commit messages:
- 8275252: Migrate cacerts from JKS to
On Thu, 14 Oct 2021 03:32:19 GMT, Jaikiran Pai wrote:
> So from what I understand, this `LogParameters` testcase is just there to
Absolutely correct.
-
PR: https://git.openjdk.java.net/jdk/pull/5927
On Wed, 13 Oct 2021 14:22:16 GMT, Jaikiran Pai wrote:
>> The commit here tries to address an intermittent failure reported in
>> https://bugs.openjdk.java.net/browse/JDK-8254267.
>>
>> The `LogParameters` test case sets the log level to `ALL` for the
>> `java.lang.String.class` and then
On Wed, 13 Oct 2021 10:49:57 GMT, Jaikiran Pai wrote:
> The commit here tries to address an intermittent failure reported in
> https://bugs.openjdk.java.net/browse/JDK-8254267.
>
> The `LogParameters` test case sets the log level to `ALL` for the
> `java.lang.String.class` and then attaches a
On Sat, 2 Oct 2021 20:05:37 GMT, Andrey Turbanov wrote:
> Cleanup unnecessary String.valueOf calls (and similar) when conversion will
> happen implicitly anyway
Some small comments.
src/java.net.http/share/classes/jdk/internal/net/http/Http1AsyncReceiver.java
line 738:
> 736: if
On Fri, 17 Sep 2021 08:56:47 GMT, Andrey Turbanov
wrote:
> String.contains was introduced in Java 5.
> Some code in java.base still uses old approach with `String.indexOf` to check
> if String contains specified substring.
> I propose to migrate such usages. Makes code shorter and easier to
On Thu, 7 Oct 2021 15:12:33 GMT, Sean Mullan wrote:
>> Looks like it's required if there's a @build directive
>
> Ok.
It might be necessary because there is already a `@build` there.
-
PR: https://git.openjdk.java.net/jdk/pull/5841
On Thu, 7 Oct 2021 14:21:27 GMT, Sean Coffey wrote:
>> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
>> line 66:
>>
>>> 64:
>>> 65: private String name = null;
>>> 66: private String manifestFileName;
>>
>> Make this final and add a comment that it will
On Wed, 6 Oct 2021 16:58:51 GMT, Sean Coffey wrote:
> Use correct manifest file name in the Manifest verifier checks.
> Also - extra null check
>
> The test doesn't reproduce the exact issue reported but should prevent future
> regressions in this area.
Marked as reviewed by weijun
On Fri, 1 Oct 2021 17:36:13 GMT, Weijun Wang wrote:
> Remove support for the 2 settings. Remove classes around the KRB_PRIV and
> KRB_SAFE message types that were never used in Java.
This pull request has now been integrated.
Changeset: 1e752033
Author:Weijun Wang
URL:
> Remove support for the 2 settings. Remove classes around the KRB_PRIV and
> KRB_SAFE message types that were never used in Java.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
clean up comment
-
Changes:
On Thu, 23 Sep 2021 14:32:01 GMT, Weijun Wang wrote:
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the
On Mon, 4 Oct 2021 13:59:43 GMT, Weijun Wang wrote:
>> This fix adds a cache of service provider classes to LoginContext (in
>> particular, it's a cache of LoginModules classes). The approach helps to
>> increase the performance of the LoginContext.login() method significant
On Mon, 4 Oct 2021 19:29:27 GMT, Valerie Peng wrote:
> Do we still need all the constants defined in
> sun/security/krb5/internal/cryptoKeyUsage.java now that the corresponding
> classes are removed?
I haven't touched this file, and I also haven't cleaned up constants in
On Mon, 4 Oct 2021 19:26:04 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> update copyright years
>
> src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsR
> Remove support for the 2 settings. Remove classes around the KRB_PRIV and
> KRB_SAFE message types that were never used in Java.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
update copyright years
-
C
On Mon, 4 Oct 2021 19:18:18 GMT, Valerie Peng wrote:
>> Remove support for the 2 settings. Remove classes around the KRB_PRIV and
>> KRB_SAFE message types that were never used in Java.
>
> src/java.security.jgss/share/classes/sun/security/krb5/Checksum.java line 75:
>
>> 73: //
Two changes:
1. Calculation of groups is put in a separate block.
2. Add fallback for uid and gid
No regression test. Hard to reproduce bud reporter's environment in jtreg.
-
Commit messages:
- 8274721: UnixSystem fails to provide uid, gid or groups if no username is
available
On Thu, 30 Sep 2021 15:44:32 GMT, Weijun Wang wrote:
> Extra parameters need to be set for RSASSA-PSS signatures. We already have a
> helper method for that.
>
> Some other cleanups:
> 1. When using GET for OCSP, make sure no double slash.
> 2. Several throws clauses
On Sun, 26 Sep 2021 15:10:52 GMT, Andrey Turbanov
wrote:
> In couple of classes, result part of arrays of Pattern.split is compared with
> `null`. Pattern.split (and hence String.split) never returns `null` in array
> elements. Such comparisons are redundant.
Marked as reviewed by weijun
On Wed, 29 Sep 2021 10:45:41 GMT, Larry-N
wrote:
> This fix adds a cache of service provider classes to LoginContext (in
> particular, it's a cache of LoginModules classes). The approach helps to
> increase the performance of the LoginContext.login() method significantly,
> especially in a
On Wed, 29 Sep 2021 10:45:41 GMT, Larry-N
wrote:
> This fix adds a cache of service provider classes to LoginContext (in
> particular, it's a cache of LoginModules classes). The approach helps to
> increase the performance of the LoginContext.login() method significantly,
> especially in a
On Sun, 3 Oct 2021 16:24:33 GMT, Andrey Turbanov
wrote:
> Cleanup unnecessary String.valueOf calls (and similar) when conversion will
> happen implicitly anyway.
Change looks fine. Thanks for taking of this.
-
Marked as reviewed by weijun (Reviewer).
PR:
Remove support for the 2 settings. Remove classes around the KRB_PRIV and
KRB_SAFE message types that were never used in Java.
-
Commit messages:
- 8274656: Remove default_checksum and safe_checksum_type from krb5.conf
Changes: https://git.openjdk.java.net/jdk/pull/5788/files
On Tue, 28 Sep 2021 14:24:01 GMT, Weijun Wang wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>&g
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.
Weijun Wang has updated the pull request i
On Fri, 1 Oct 2021 03:32:11 GMT, Weijun Wang wrote:
>> Extra parameters need to be set for RSASSA-PSS signatures. We already have a
>> helper method for that.
>>
>> Some other cleanups:
>> 1. When using GET for OCSP, make sure no double slash.
>> 2. Seve
ds to access an external server.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
verifier should not use automatically derived parameters fails
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/5778/files
- new: http
ds to access an external server.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
a test
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/5778/files
- new: https://git.openjdk.java.net/jdk/pull/5778/files/12e8f249..ae
On Thu, 30 Sep 2021 23:15:33 GMT, Hai-May Chao wrote:
> As throwing ProviderException is removed from initVerifyWithParam(), could we
> remove the ProviderException in the try-catch block from the callers of
> initVerifyWithParam()? For example, one of the callers at:
>
On Wed, 29 Sep 2021 18:13:14 GMT, Joe Darcy wrote:
>> Follow-up change to JDK-8231262, augmentations to javac's Xlint:serial
>> checking are out for review (#5709) and various security libraries would
>> need some changes to pass under the expanded checks.
>>
>> The changes are to suppress
Extra parameters need to be set for RSASSA-PSS signatures. We already have a
helper method for that.
Some other cleanups:
1. When using GET for OCSP, make sure no double slash.
2. Several throws clauses are not necessary.
No regression test. OCSP needs to access an external server.
On Sun, 26 Sep 2021 13:27:47 GMT, Weijun Wang wrote:
> `DistributionPointName` in `IssuingDistributionPointExtension` is a CHOICE
> and should not be encoded as IMPLICIT.
>
> Please note that the parsing side (at
> https://github.com/openjdk/jdk/blob/a9db70418f7bc6b2f95afdd36
On Tue, 31 Aug 2021 02:05:06 GMT, Weijun Wang wrote:
>> This change modifies the default value of the `java.security.manager` system
>> property from "allow" to "disallow". This means unless it's explicitly set
>> to "allow", any call to
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.
Weijun Wang has updated the pull request i
On Tue, 28 Sep 2021 14:08:44 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> disable weak checksums as well
>
> src/java.security.jgss/share/classes/sun/security/k
`DistributionPointName` in `IssuingDistributionPointExtension` is a CHOICE and
should not be encoded as IMPLICIT.
Please note that the parsing side (at
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.
Weijun Wang has updated the pull request i
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.
Weijun Wang has updated the pull request i
On Fri, 24 Sep 2021 22:06:27 GMT, Valerie Peng wrote:
>> This is because MIT krb5 treats DES as weak and RC4 as deprecated. In Java,
>> we treat both as weak after JDK-8139348 (the title is "Deprecate 3DES and
>> RC4 in Kerberos" but this "deprecate" is not the same as the one in MIT
>>
On Fri, 24 Sep 2021 22:01:26 GMT, Valerie Peng wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as
On Fri, 24 Sep 2021 21:59:04 GMT, Valerie Peng wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as
On Fri, 24 Sep 2021 21:55:44 GMT, Valerie Peng wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as
On Fri, 24 Sep 2021 19:33:12 GMT, Sean Mullan wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as
On Fri, 24 Sep 2021 19:49:14 GMT, Sean Mullan wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as
On Thu, 23 Sep 2021 20:31:16 GMT, Andrey Turbanov
wrote:
>> Usage of thread-safe collection Vector is unnecessary. It's recommended to
>> use ArrayList if a thread-safe implementation is not needed.
>
> Andrey Turbanov has updated the pull request incrementally with one
> additional commit
On Thu, 23 Sep 2021 20:31:16 GMT, Andrey Turbanov
wrote:
>> Usage of thread-safe collection Vector is unnecessary. It's recommended to
>> use ArrayList if a thread-safe implementation is not needed.
>
> Andrey Turbanov has updated the pull request incrementally with one
> additional commit
On Thu, 23 Sep 2021 20:42:48 GMT, Andrey Turbanov
wrote:
> There are few places in code where manual `for` loop is used with Iterator to
> iterate over Collection.
> Instead of manual `for` cycles it's preferred to use enhanced-for cycle
> instead: it's less verbose, makes code easier to read
On Fri, 24 Sep 2021 08:01:07 GMT, Daniel JeliĆski
wrote:
> The default list of providers defined in java.security file can be overridden
> with a custom file, declared with
> `-Djava.security.properties=/path/to/custom.security` command line parameter.
> If the new list of providers is
On Fri, 24 Sep 2021 05:33:46 GMT, Alexey Bakhtin wrote:
>> The code change handles KDC_ERR_SVC_UNAVAILABLE error code (29) received
>> from KDC and resends the initial request to the next KDC in the list. It
>> aligns error code handling with the MIT Kerberos implementation.
>>
On Thu, 23 Sep 2021 16:52:07 GMT, Alexey Bakhtin wrote:
> The code change handles KDC_ERR_SVC_UNAVAILABLE error code (29) received from
> KDC and resends the initial request to the next KDC in the list. It aligns
> error code handling with the MIT Kerberos implementation.
> sun/security/krb5
On Thu, 23 Sep 2021 16:52:07 GMT, Alexey Bakhtin wrote:
> The code change handles KDC_ERR_SVC_UNAVAILABLE error code (29) received from
> KDC and resends the initial request to the next KDC in the list. It aligns
> error code handling with the MIT Kerberos implementation.
> sun/security/krb5
This code change removes weak etypes from the default list so it's safer to
enable one of them. See the corresponding CSR at
https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
please review the CSR as well.
-
Commit messages:
- 8273670: Remove weak etypes
On Thu, 16 Sep 2021 19:03:26 GMT, Andrey Turbanov
wrote:
> Pass "cause" exception as constructor parameter is shorter and easier to read.
Looks fine. Thanks.
-
Marked as reviewed by weijun (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/5551
On Mon, 20 Sep 2021 17:27:42 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/provider/certpath/PKIX.java line
>> 228:
>>
>>> 226: }
>>> 227: return timestampDate;
>>> 228: }
>>
>> Can we also add some words to the `date()` method? Something
On Fri, 17 Sep 2021 14:29:34 GMT, Sean Mullan wrote:
>> This change will disable JARs signed with algorithms using SHA-1 by default,
>> and treat them as unsigned. This applies to the algorithms used to digest,
>> sign, and optionally timestamp the JAR. It also applies to the signature and
>>
On Wed, 15 Sep 2021 08:01:30 GMT, Thejasvi Voniadka
wrote:
> The test "sun/security/pkcs12/KeytoolOpensslInteropTest.java" performs
> interoperability checks between JDK and openssl with respect to certain
> keystore operations. The test requires a suitable version of openssl to be
>
On Wed, 15 Sep 2021 08:01:30 GMT, Thejasvi Voniadka
wrote:
> The test "sun/security/pkcs12/KeytoolOpensslInteropTest.java" performs
> interoperability checks between JDK and openssl with respect to certain
> keystore operations. The test requires a suitable version of openssl to be
>
On Mon, 23 Aug 2021 14:52:46 GMT, Weijun Wang wrote:
> This code change adds new methods to `DerInputStream` to easily and safely
> read optional fields in a ASN.1 DER-encoded value. It also adds several
> wrapping methods to `DerValue` to avoid unnecessary memory copying when
On Wed, 1 Sep 2021 04:17:23 GMT, Jamil Nimeh wrote:
> This fix adds an EC private key range check for the scalar value to be within
> the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA
> Signature algorithms and ECDH KeyAgreement algorithms. While the SunEC
>
On Wed, 1 Sep 2021 04:17:23 GMT, Jamil Nimeh wrote:
> This fix adds an EC private key range check for the scalar value to be within
> the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA
> Signature algorithms and ECDH KeyAgreement algorithms. While the SunEC
>
On Wed, 25 Aug 2021 19:00:06 GMT, Weijun Wang wrote:
> This code change collects all key types and runs `chooseClientAlias` only
> once.
This pull request has now been integrated.
Changeset: 3d657eb0
Author:Weijun Wang
URL:
https://git.openjdk.java.net/jdk/
urityManager` at runtime.
>
> Please note that this code change requires jtreg to be upgraded to 6.1, where
> a security manager [will not be
> set](https://bugs.openjdk.java.net/browse/CODETOOLS-7902990).
Weijun Wang has updated the pull request incrementally with one additional
co
On Fri, 20 Aug 2021 22:44:34 GMT, Weijun Wang wrote:
> This change modifies the default value of the `java.security.manager` system
> property from "allow" to "disallow". This means unless it's explicitly set to
> "allow", any call to `System.s
401 - 500 of 2902 matches
Mail list logo
