Re: RFR: 8328608: Multiple NewSessionTicket support for TLS

2024-06-19 Thread John Jiang
On Wed, 29 May 2024 18:53:55 GMT, Anthony Scarpino wrote: > Hi > > This change is to improve TLS 1.3 session resumption by allowing a TLS server > to send more than one resumption ticket per connection and clients to store > more. Resumption is a quick way to use an existing TLS session to e

Integrated: 8333754: Add a Test against ECDSA and ECDH NIST Test vector

2024-06-19 Thread Sibabrata Sahoo
On Fri, 14 Jun 2024 06:23:32 GMT, Sibabrata Sahoo wrote: > Tests added against ECDSA and ECDH NIST Test vector. This pull request has now been integrated. Changeset: fad6644e Author:Sibabrata Sahoo URL: https://git.openjdk.org/jdk/commit/fad6644eabbad6b6d3472206d9db946408aca612 Stat

Re: RFR: 8333938: Exclude CAInterop.java#digicerttlsrsarootg5

2024-06-19 Thread SendaoYan
On Wed, 19 Jun 2024 15:36:44 GMT, Christoph Langer wrote: > Looks like this PR can be closed. The underlying issue has been resolved by > the CA. Okey. - PR Comment: https://git.openjdk.org/jdk/pull/19694#issuecomment-2179040063

Withdrawn: 8333938: Exclude CAInterop.java#digicerttlsrsarootg5

2024-06-19 Thread SendaoYan
On Thu, 13 Jun 2024 12:32:58 GMT, SendaoYan wrote: > Hi all, > Test > `security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlsrsarootg5` > report failure as failed to validate, before the validate issue has been > fixed, should we problem list the testcase.

Re: RFR: 8334106: Problemlist CAInterop.java#quovadisrootca1g3 due to JDK-8334105 [v2]

2024-06-19 Thread SendaoYan
On Fri, 14 Jun 2024 00:58:30 GMT, SendaoYan wrote: >> Thanks for the approved. > >> @sendaoYan As a best practice, it would be useful to first understand why >> the test is not working before putting it on the ProblemList. Depending on >> the severity of the problem that is not always possible,

Withdrawn: 8334106: Problemlist CAInterop.java#quovadisrootca1g3 due to JDK-8334105

2024-06-19 Thread SendaoYan
On Thu, 13 Jun 2024 01:20:55 GMT, SendaoYan wrote: > Hi all, > Test > `security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca1g3` > report failure as `failed to validate`, before the validate issue has been > fixed, should we problem list the testcas

Re: RFR: 8334201: Exclude CAInterop.java#certignarootca

2024-06-19 Thread Thomas Stuefe
On Thu, 13 Jun 2024 09:05:07 GMT, Christoph Langer wrote: > The test is failing currently and the JBS issue could not be resolved since > about a month, so let's exclude the test for now. What is the point of stalling this PR? The test causes test errors, so it should be problemlisted. And if

Re: RFR: 8334201: Exclude CAInterop.java#certignarootca

2024-06-19 Thread Christoph Langer
On Thu, 13 Jun 2024 09:05:07 GMT, Christoph Langer wrote: > The test is failing currently and the JBS issue could not be resolved since > about a month, so let's exclude the test for now. Any updates? If not, I would like to integrate this after end of this week... - PR Comment: h

RFR: 8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test

2024-06-19 Thread Fernando Guallini
The following test: **com/sun/security/auth/callback/TextCallbackHandler/Default.java** is currently marked to be run manually because user inputs are required in the console, but instead it can be automated by providing a custom inputStream to System.in in the actual test to simulate sequentia

Re: RFR: 8334202: Exclude CAInterop.java#sslrooteccca,sslrootevrsaca

2024-06-19 Thread Christoph Langer
On Thu, 13 Jun 2024 09:25:11 GMT, Christoph Langer wrote: > Let's exclude these CAInterop tests until the problem is fixed. I'll integrate this if we don't hear back from the CA by the end of the week. - PR Comment: https://git.openjdk.org/jdk/pull/19690#issuecomment-2179010698

Re: RFR: 8333938: Exclude CAInterop.java#digicerttlsrsarootg5

2024-06-19 Thread Christoph Langer
On Thu, 13 Jun 2024 12:32:58 GMT, SendaoYan wrote: > Hi all, > Test > `security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlsrsarootg5` > report failure as failed to validate, before the validate issue has been > fixed, should we problem list the testcase.

Re: RFR: 8334106: Problemlist CAInterop.java#quovadisrootca1g3 due to JDK-8334105 [v2]

2024-06-19 Thread Christoph Langer
On Fri, 14 Jun 2024 00:58:30 GMT, SendaoYan wrote: >> Thanks for the approved. > >> @sendaoYan As a best practice, it would be useful to first understand why >> the test is not working before putting it on the ProblemList. Depending on >> the severity of the problem that is not always possible,

Re: RFR: 8328608: Multiple NewSessionTicket support for TLS

2024-06-19 Thread John Jiang
On Wed, 5 Jun 2024 17:33:02 GMT, Anthony Scarpino wrote: >> src/java.base/share/classes/sun/security/util/Cache.java line 683: >> >>> 681: >>> 682: // Limit the number of queue entries. >>> 683: private static final int MAXQUEUESIZE = 10; >> >> What do you think about making th

Re: RFR: 8328608: Multiple NewSessionTicket support for TLS

2024-06-19 Thread John Jiang
On Wed, 29 May 2024 18:53:55 GMT, Anthony Scarpino wrote: > Hi > > This change is to improve TLS 1.3 session resumption by allowing a TLS server > to send more than one resumption ticket per connection and clients to store > more. Resumption is a quick way to use an existing TLS session to e

Re: RFR: 8328608: Multiple NewSessionTicket support for TLS

2024-06-19 Thread Anthony Scarpino
On Wed, 19 Jun 2024 02:43:56 GMT, John Jiang wrote: >> All the T13 log messages use the same format. I agree it is different from >> the T12 log messages, but it helps distinguish the failures for different >> protocols. >> Though saying "session timed out" is probably better > > Here the sess

Withdrawn: 8315487: Security Providers Filter

2024-06-19 Thread duke
On Fri, 1 Sep 2023 15:13:46 GMT, Martin Balao wrote: > In addition to the goals, scope, motivation, specification and requirement > notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would > like to describe the most relevant decisions taken during the implementation > of

Withdrawn: 8329335: HttpsURLConnectionTest fails due to network firewall rules

2024-06-19 Thread Fernando Guallini
On Mon, 17 Jun 2024 09:16:45 GMT, Fernando Guallini wrote: > Since HttpsURLConnectionTest attempts to reach external servers, it can fail > if run on hosts without outbound traffic allowed. Therefore, it should not be > executed in CI pipelines but rather manually on a host with no firewall ru