Approved for jdk7u40-dev.
regards,
Sean.
On 25/06/2013 11:29, Vincent Ryan wrote:
There is no specific test to verify the fix (it's labeled 'noreg-hard').
Our existing PKCS11 tests already exercise the code path that the new
NSS initializer now uses.
I've added a link to a recent JPRT test run to my justification comment:
https://jbs.oracle.com/bugs/browse/JDK-7165807?focusedCommentId=13343012&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13343012
On 24 Jun 2013, at 21:49, Seán Coffey wrote:
Vinnie,
as per phase 2 process [1] - what tests have been run to verify this
fix ?
Regards,
Sean.
[1] http://openjdk.java.net/projects/jdk7u/phase2/phase2-process.html
On 24/06/13 12:40, Vincent Ryan wrote:
Hello all,
Please approve the following fix for 7u40:
Bug:http://bugs.sun.com/view_bug.do?bug_id=7165807
Webrev:http://cr.openjdk.java.net/~vinnie/7165807/webrev.01/
Code
review:http://mail.openjdk.java.net/pipermail/security-dev/2013-June/007786.html
JDK 8 changeset: [under construction]
This fix modifies the SunPKCS11 JCE provider to initialize the Mozilla Network
Security Services (NSS)
crypto library to favour performance over memory footprint, by default. A new
SunPKCS11 configuration
flag 'nssOptimizeSpace' has been introduced to enable Java applications to
revert to the old behaviour.
Note that this change affects only the NSS-specific mode of the SunPKCS11
provider. It makes it consistent
with the provider's regular behaviour which already initializes NSS to favour
performance over memory
footprint.
Thanks.
