Re: RFR: 8317332: Prepare security for permissive- [v3]

On Tue, 3 Oct 2023 02:55:09 GMT, Julian Waters wrote: >> Prepares java.security.jgss for the permissive- compiler switch by >> >> - Adding scopes so goto doesn't jump over unitialized locals in sspi.cpp >> - Adding a static modifier to a mismatched method declaration in >> NativeCreds.c, as

Integrated: 8311546: Certificate name constraints improperly validated with leading period

On Fri, 20 Oct 2023 20:52:13 GMT, Ben Perez wrote: > Updated the `constrains` method in `DNSName.java` to accept certificates with > a leading period. This pull request has now been integrated. Changeset: bfaf5704 Author:Ben Perez Committer: Sean Mullan URL:

RFR: 8317374: Add Let's Encrypt ISRG Root X2

This PR is to add new TLS root certificates from Let's Encrypt. This CA has gone through https://www.oracle.com/java/technologies/javase/carootcertsprogram.html process. The release-note is at [JDK-8318618](https://bugs.openjdk.org/browse/JDK-8318618) - Commit messages: -

Re: RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v8]

On Wed, 1 Nov 2023 13:58:01 GMT, Weijun Wang wrote: >> I don't see a behavior change that conflicts with the CSR. I think it is a >> wording issue, let me suggest some improvements in another comment. There is >> no longer a default value for `jdk.tls.maxCertificateChainLength`. Where is >>

RFR: 8319213: Compatibility.java reads both stdout and stderr of JdkUtils

There might be more warnings from the java launcher. Better ignore them now. - Commit messages: - the fix Changes: https://git.openjdk.org/jdk/pull/16450/files Webrev: https://webrevs.openjdk.org/?repo=jdk=16450=00 Issue: https://bugs.openjdk.org/browse/JDK-8319213 Stats: 1

Re: RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v8]

On Wed, 1 Nov 2023 13:38:08 GMT, Sean Mullan wrote: >> Sorry, I did not get time to review this behavior update. >> >>> This section of comments was taken from the CSR. I updated the comments as >>> follows. If it looks fine, I will update the related doc. Thanks! >>> >>> ``` >>> /*

Re: RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v8]

On Wed, 1 Nov 2023 07:35:48 GMT, Xue-Lei Andrew Fan wrote: >> This section of comments was taken from the CSR. I updated the comments as >> follows. If it looks fine, I will update the related doc. Thanks! >> >> /* >> * If either jdk.tls.server.maxInboundCertificateChainLength

Re: RFR: 8308453: Convert JKS test keystores in test/jdk/javax/net/ssl/etc to PKCS12 [v10]

On Wed, 1 Nov 2023 05:01:18 GMT, Kevin Driver wrote: >> test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java line 466: >> >>> 464: KeyManagerFactory kmf; >>> 465: >>> 466: try (FileInputStream fsIn = new FileInputStream(ksPath)) { >> >> No need for this `FileInputStream`.

Re: RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v8]

On Mon, 30 Oct 2023 21:53:44 GMT, Hai-May Chao wrote: >> I agree that wording is more clear. We should also update the RN with that >> wording. > > This section of comments was taken from the CSR. I updated the comments as > follows. If it looks fine, I will update the related doc. Thanks! >