Xulei, On 11 Jul 2014, at 07:14, Alex Bligh <a...@alex.org.uk> wrote:
> In this case I'm afraid I have confirmed that it is *not* the cause of the > particular failure we are seeing (the failure turned out to be elsewhere > after many hours debugging). > > However, reading the code it would seem this should still be an issue, > and if it is an issue should presumably be reproducible using the > test case at: > https://bugs.openjdk.java.net/browse/JDK-8014618 > > I'll have a go at this later if I get some time. I got some time. I've run over 5,000 iterations of the test without a single error. I am assuming: depth=0 CN = test verify error:num=18:self signed certificate verify return:1 depth=0 CN = test verify return:1 is acceptable as an output, i.e. it's still doing the DH key exchange, because verify errors do not cause s_client to abort. Given the errors should occur 1 in 256 iterations, I think we can conclude this bug does not exist in JDK-6. Apologies for the wasted electrons. -- Alex Bligh