Vincent Ryan wrote:
There's a new webrev available at:
http://cr.openjdk.java.net/~vinnie/6885204/webrev.01/webrev/
CipherSuite.java
================
77 // It is true because we might not have an ECC or Kerberos
implementation.
After your change, this comment should be reverted back. Kerberos isn't
dynamic.
Otherwise looks good.
Brad
Brad Wetmore wrote:
Vincent Ryan wrote:
I'm proposing a change that enables JSSE to work when Kerberos is not
present
at runtime:
http://cr.openjdk.java.net/~vinnie/6885204/webrev.00/webrev/
DelegateHttpsURLConnection.java/HttpsClient.java
================================================
Can you put in a comment here that explains why you've added the
ciphersuite check? I had to think about it for a second, which means it
won't be immediately clear to others. ;)
Done.
CipherSuite.java/JsseJce.java
=================================
// It is true because we might not have an ECC or
// Kerberos implementation.
Here's a small can of worms. The dynamic code was added when ECC was
only available via the PKCS11 provider, and people could remove the ECC
tokens at will and thus effectively disable ECC. With the addition of
your full-time ECC provider, this could have gone away. But since some
of the open source folks wanted to make your ECC provider optional, I
guess we're have to continue this check.
That said, what you're trying to solve here is different. Either the
Kerberos implementation is there or it isn't. It doesn't get
dynamically installed into the JRE during the middle of a run, right? If
it's not made available dynamically, a simple one-time check should be
sufficient.
Right. I've changed the code to perform the Kerberos check just once
(in a static initializer).
Is the doPrivileged necessary here?
Yes, because the Class.forName references a class from a different package.
Brad
