Alex, Thank you very much for the quick debugging and feedback. You conclusion is identical to me that JDK-8014618 does not apply to JDK 6.
Good luck! Xuelei On 7/11/2014 6:18 PM, Alex Bligh wrote: > Xulei, > > On 11 Jul 2014, at 07:14, Alex Bligh <a...@alex.org.uk> wrote: > >> In this case I'm afraid I have confirmed that it is *not* the cause of the >> particular failure we are seeing (the failure turned out to be elsewhere >> after many hours debugging). >> >> However, reading the code it would seem this should still be an issue, >> and if it is an issue should presumably be reproducible using the >> test case at: >> https://bugs.openjdk.java.net/browse/JDK-8014618 >> >> I'll have a go at this later if I get some time. > > I got some time. I've run over 5,000 iterations of the test without a > single error. I am assuming: > > depth=0 CN = test > verify error:num=18:self signed certificate > verify return:1 > depth=0 CN = test > verify return:1 > > is acceptable as an output, i.e. it's still doing the DH key > exchange, because verify errors do not cause s_client to abort. > > Given the errors should occur 1 in 256 iterations, I think > we can conclude this bug does not exist in JDK-6. > > Apologies for the wasted electrons. >