Re: [9] RFR: 8164591: sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java failed with SSLHandshakeException

On 9/15/2016 9:45 AM, Artem Smotrakov wrote: Well, in this particular case it's not clear that it has the same issue with free port (at least to me). The exception occurred on client side, so it's not the case where we don't know where the handshake came from. ;-) Yeh, you catch the point. But

Re: [9] RFR: 8164591: sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java failed with SSLHandshakeException

Well, in this particular case it's not clear that it has the same issue with free port (at least to me). The exception occurred on client side, so it's not the case where we don't know where the handshake came from. I can make this enhancement, but like I said I don't think it's going to

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

On 9/15/2016 9:36 AM, Wang Weijun wrote: I see. But krb5 cipher suites is just a very small part of TLS. Maybe we can tweak the tests a little so that they can work without JGSS. Agreed. I don't like the dependence, too. Let's consider an enhancement later in a separate enhancement.

Re: [9] RFR: 8164591: sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java failed with SSLHandshakeException

On 9/15/2016 9:23 AM, Artem Smotrakov wrote: Hi Xuelei, For this one, I am not sure that it would help here since the test failed after it already had started handshaking. It has the same issue as a free-port is used. We don't actually know the handshake is coming from the right client.

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

I see. But krb5 cipher suites is just a very small part of TLS. Maybe we can tweak the tests a little so that they can work without JGSS. I am fine with the change at the moment. Thanks Max > On Sep 15, 2016, at 7:39 AM, Xuelei Fan wrote: > > I did some research

Re: [9] RFR: 8164591: sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java failed with SSLHandshakeException

Hi Xuelei, For this one, I am not sure that it would help here since the test failed after it already had started handshaking. I would prefer to have it as a separate enhancement. Artem On 09/14/2016 06:19 PM, Xuelei Fan wrote: As you were already there, I would suggest to consider the

Re: [9] RFR: 8164591: sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java failed with SSLHandshakeException

As you were already there, I would suggest to consider the SSLSocketSample.java template as the comment in JDK-8163924 review thread. Thanks, Xuelei On 9/15/2016 9:13 AM, Artem Smotrakov wrote: Not urgent, but I would appreciate if someone can get a chance to look at this. Artem On

Re: [9] RFR: 8164591: sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java failed with SSLHandshakeException

Not urgent, but I would appreciate if someone can get a chance to look at this. Artem On 09/07/2016 03:17 PM, Artem Smotrakov wrote: Sending to net-...@openjdk.java.net as well. Artem On 09/07/2016 12:28 PM, Artem Smotrakov wrote: Hello, Please review the following patch for

Re: [9] RFR: 8163924: SSLEngineBadBufferArrayAccess.java fails intermittently with Unrecognized SSL message

Hi Xuelei, Sure, I am fine to use the approach which is implemented in SSLSocketSample.java. But please note that SSLEngineBadBufferArrayAccess.java test uses ServerSocket+SSEngine on server side, so I applied the approach from SSLSocketSample.java to the test:

Code Review Request, JDK-8146600 AVA Normalizer.Form issue

Hi, Please review this fix: http://cr.openjdk.java.net/~xuelei/8146600/webrev.00/ The Normalizer.Form.NFKD is used to normalize attribute-value assertion in X.509 certificate processing. The normalizer may convert some UTF-8 character into ASCII code. For example, "，"(two bytes) will be

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

I did some research yesterday. The "/javax/net/ssl/TLSCommon" lib depends on krb5. For example, BufferOverflowUnderflowTest need to set up KDC and test krb5 cipher suites. Xuelei On 9/15/2016 6:21 AM, Wang Weijun wrote: Confusing. This does not show why jgss is needed. I'll do some

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

Confusing. This does not show why jgss is needed. I'll do some investigation. Thanks Max > 在 2016年9月14日，23:57，Sergei Kovalev 写道： > > java.lang.module.ResolutionException: Module java.naming not found, required > by java.security.jgss

Re: RFR(S): 8165689: Fix module dependencies for sun/security/pkcs11/* tests

Thanks for the information. It would be very useful if you could add that additional information as an example into the bug report for future reference. --Sean On 09/14/2016 11:26 AM, Sergei Kovalev wrote: Hi Sean, I'm working for testing minimal JRE image. If I create custom JRE with

Re: RFR(S): 8165689: Fix module dependencies for sun/security/pkcs11/* tests

Answered in other thread 14.09.16 18:54, Wang Weijun wrote: Sorry I was thinking about another bug on TLS tests -- 8166032. What exception is thrown there if the jgss module is missing? Thanks Max 在 2016年9月14日，23:44，Wang Weijun > 写道：

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

here it is an example jtreg -verbose:all -jdk /home/skovalev/TRASH/jdk-9 -javaoptions:"--limit-modules java.base" /home/skovalev/repos/jdk9-dev/jdk/test/javax/net/ssl/TLSv11/TLSHandshakeTest.java STDOUT: Error occurred during initialization of VM java.lang.module.ResolutionException:

Re: RFR(S): 8165689: Fix module dependencies for sun/security/pkcs11/* tests

Sorry I was thinking about another bug on TLS tests -- 8166032. What exception is thrown there if the jgss module is missing? Thanks Max > 在 2016年9月14日，23:44，Wang Weijun 写道： > > The example shows jdk.crypto.pkcs11 is needed, but I still don't know why >

Re: RFR(S): 8165689: Fix module dependencies for sun/security/pkcs11/* tests

The example shows jdk.crypto.pkcs11 is needed, but I still don't know why java.security.jgss is. Can you give another example where jgss must be present? Thanks Max > 在 2016年9月14日，23:26，Sergei Kovalev 写道： > > Hi Sean, > > I'm working for testing minimal JRE image.

Re: RFR(S): 8165689: Fix module dependencies for sun/security/pkcs11/* tests

Hi Sean, I'm working for testing minimal JRE image. If I create custom JRE with java.base only - the tests fail. To emulate such behavior we can use "--limit-modules java.base" option. In case if we have no module declaration in tests header the test fails with, e.g. ClassNotFound exception

Re: RFR(S): 8165689: Fix module dependencies for sun/security/pkcs11/* tests

Looks fine to me, but can you explain in more detail why the extra dependencies are needed, or an example using --limit-modules? These tests are not failing regularly now, so when do the missing dependencies cause failures? Thanks, Sean On 09/13/2016 08:34 AM, Sergei Kovalev wrote: Hello

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

OK. Looks fine to me. Thanks, Xuelei On 9/14/2016 9:58 PM, Sergei Kovalev wrote: Hi Xuelei, I discovered 53 tests in javax/net/ssl folder that refer to /sun/security/krb5/auto. In general it is about 10 unique tests. All the tests depends on KDC class. In other places the tests repeated with

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

14.09.16 16:56, Wang Weijun wrote: I also have no idea why these are needed: + * @modules java.security.jgss + * jdk.security.auth Do the test uses KRB5-related cipher suites? The tests using /sun/security/krb5/auto. Looks like it is the root cause. Thanks Max On Sep 14, 2016,

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

Hi Xuelei, I discovered 53 tests in javax/net/ssl folder that refer to /sun/security/krb5/auto. In general it is about 10 unique tests. All the tests depends on KDC class. In other places the tests repeated with different set of environment variable. e.g. "-Dtest.security.protocol=TLSv1.1",

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

I also have no idea why these are needed: + * @modules java.security.jgss + * jdk.security.auth Do the test uses KRB5-related cipher suites? Thanks Max > On Sep 14, 2016, at 8:54 PM, Xuelei Fan wrote: > > Hi Sergei, > > Thanks for the update. The fix looks

Re: RFR(M): 8166032: Fix module dependencies for javax.SSL tests

Hi Sergei, Thanks for the update. The fix looks fine to me. However, I'm not sure why some tests need the "/sun/security/krb5/auto" libraries and the related modules. As you were already there, would you mind help to test whether the "/sun/security/krb5/auto" library can be removed for

RFR(M): 8166032: Fix module dependencies for javax.SSL tests

Hello Team, Could you please review below fix for Bug ID: https://bugs.openjdk.java.net/browse/JDK-8166032 Code review: http://cr.openjdk.java.net/~skovalev/8166032/webrev.00/ Issue: The test should be able to pass or skipped by JTreg test suite if required modules have not been included in

Do your NSS DLLs on Windows have execute permission?

I see PKCS11 tests fail on my Windows 10 after JDK-8165946 [1]. After discussing with John (who worked on the bug) I found my NSS DLLs do not have the execute permission bit and his have. Mine is -rw-r--r--, and his is -rwxrwx---+. I am using cygwin on Windows 10 64-bit, and I use hg inside

Re: [9] RFR: 8165660: Remove the intermittent keyword from sun/security/krb5/auto/MaxRetries.java

After some thinking, I am OK with the change now. Please remove the keyword. Thanks Max On 9/13/2016 19:11, Weijun Wang wrote: Is there a criteria on when to add and when to remove this keyword? Due to the characteristics (timeout, ICMP) of these tests, they still have a chance to fail. If we

Re: RFR[9] JDK-8077138: Some PKCS11 tests fail because NSS library is not initialized

Hi, On 2016/9/14 14:59, Weijun Wang wrote: Hi John I just noticed this webrev request. After syncing with jdk9/dev, the PKCS11 tests still fail on my 64-bit Windows 10 machine. I had always thought [1] the failure is due to the DLLs without the executable bit. In fact, after I chmod a+x

Re: RFR[9] JDK-8077138: Some PKCS11 tests fail because NSS library is not initialized

Hi John I just noticed this webrev request. After syncing with jdk9/dev, the PKCS11 tests still fail on my 64-bit Windows 10 machine. I had always thought [1] the failure is due to the DLLs without the executable bit. In fact, after I chmod a+x them, the tests pass. How did you confirm