Hi,
On 17.2.2016 14:41, Daniel Fuchs wrote:
Thanks Jaroslav, that's great!
If these certificates have an expiration date then
it's possible that we will have to regenerate them
from time to time...
Thanks for checking on this. I've update the certificates to have
expiration date 100 years from now (should be sufficient for now) and
updated the readme with the validity parameter.
Also, I've rebased the patch against jdk9/dev since this test has been
excluded there and it makes sense to include it back when it is fixed.
http://cr.openjdk.java.net/~jbachorik/8145919/webrev.04
-JB-
cheers,
-- daniel
On 17/02/16 13:13, Jaroslav Bachorik wrote:
On 16.2.2016 11:56, Daniel Fuchs wrote:
Hi Jaroslav,
I have no objection to this change.
Could you add a comment somewhere to explain how you
generated the truststore and keystore - in case we need
to tweak that again in the future?
I've added a simple readme file next to the keystores.
http://cr.openjdk.java.net/~jbachorik/8145919/webrev.03
-JB-
best regards,
-- daniel
On 16/02/16 10:41, Jaroslav Bachorik wrote:
On 11.2.2016 11:39, Jaroslav Bachorik wrote:
Please, review the following test change
Issue : https://bugs.openjdk.java.net/browse/JDK-8145919
Webrev: http://cr.openjdk.java.net/~jbachorik/8145919/webrev.02
The previous attempt to fix this problem was focused on the fact that
the test tend to fail on ARM64 platforms. This is no more true, the
failure is reproducible on various platforms if using fastdebug build.
It turns out that the test is setting up SSL in a way that only RC4
cipher suites are to be used (the test keys are generated by this
algo).
These cipher suites, however, has been disabled (JDK-8076221).
By all means the test should be failing since the RC4 test suites were
excluded. For some reason it started failing intermittently instead. I
will leave the exercise of figuring out why to someone with a thorough
expertise in SSL handshake.
The fix is straightforward - create new keys (and keystore and
truststore) using a supported cipher suite. I opted for the default
one
(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256) and update the ssl properties
for
the test to request this cipher suite. After this change the test is
passing regularly (tried running it 200 times in a loop - without any
failure).
Thanks,
-JB-
