The jarsigner tool currently provides warning associated with the signer’s cert
when it uses weak algorithms, but not for the CA certs. This change is to
process the signer’s cert chain to warn if CA certs use weak algorithms.
-
Commit messages:
- 8259401: Add checking to jarsigner
This enhancement adds support for the nonce extension in OCSP request
extensions by system property jdk.security.certpath.ocspNonce.
Please review the CSR at:
https://bugs.openjdk.java.net/browse/JDK-8257766
-
Commit messages:
- 8256895: Add support for RFC 8954: Online Certificate
On Mon, 11 Jan 2021 19:25:28 GMT, Volker Simonis wrote:
> [JDK-8237578](https://bugs.openjdk.java.net/browse/JDK-8237578) caused a few
> internal and external tests to fail (see
> [JDK-8259572](https://bugs.openjdk.java.net/browse/JDK-8259572)).
>
> Backout [JDK-8237578](https://bugs.openjdk.j
On Mon, 11 Jan 2021 19:25:28 GMT, Volker Simonis wrote:
> [JDK-8237578](https://bugs.openjdk.java.net/browse/JDK-8237578) caused a few
> internal and external tests to fail (see
> [JDK-8259572](https://bugs.openjdk.java.net/browse/JDK-8259572)).
>
> Backout [JDK-8237578](https://bugs.openjdk.j
On Fri, 8 Jan 2021 21:30:14 GMT, Martin Balao wrote:
>> As described in JDK-8259319 [1], this fix proposal is to set proper access
>> permissions so the SunPKCS11 provider can create instances of SunJCE classes
>> when a Security Manager is installed and the fallback scheme is used.
>>
>> No r
On Fri, 8 Jan 2021 19:28:55 GMT, Martin Balao wrote:
> The P11Cipher case is different because the size of the output buffer (the
> one that may lead to a CKR_BUFFER_TOO_SMALL error) is a user input and the
> error visible to OpenJDK Java code [4] [5] [6] [7]. In addition, and contrary
> to th
On Mon, 11 Jan 2021 19:25:28 GMT, Volker Simonis wrote:
> [JDK-8237578](https://bugs.openjdk.java.net/browse/JDK-8237578) caused a few
> internal and external tests to fail (see
> [JDK-8259572](https://bugs.openjdk.java.net/browse/JDK-8259572)).
>
> Backout [JDK-8237578](https://bugs.openjdk.j
On Fri, 8 Jan 2021 19:28:55 GMT, Martin Balao wrote:
>>> In summary, I believe we need changes in the OpenJDK side to properly
>>> handle CKR_BUFFER_TOO_SMALL errors when C_SignFinal or C_Sign PKCS#11
>>> functions are called from P11Signature. Even if other error types or
>>> functions such a
[JDK-8237578](https://bugs.openjdk.java.net/browse/JDK-8237578) caused a few
internal and external tests to fail (see
[JDK-8259572](https://bugs.openjdk.java.net/browse/JDK-8259572)).
Backout [JDK-8237578](https://bugs.openjdk.java.net/browse/JDK-8237578) and
redo it properly such that it doesn
On Mon, 11 Jan 2021 17:24:23 GMT, Volker Simonis wrote:
> JDK-8237578 exposes some SocketExceptions directly which were previously
> wrapped inside an SSLException. The change updated one test to take this new
> behaviour into account (i.e. TrustTrustedCert.java) but apparently missed
> other
On Fri, 8 Jan 2021 21:30:14 GMT, Martin Balao wrote:
>> As described in JDK-8259319 [1], this fix proposal is to set proper access
>> permissions so the SunPKCS11 provider can create instances of SunJCE classes
>> when a Security Manager is installed and the fallback scheme is used.
>>
>> No r
On Mon, 11 Jan 2021 17:31:38 GMT, Weijun Wang wrote:
>> Marked as reviewed by xuelei (Reviewer).
>
> I've force pushed a new series of commits from scratch. The difference:
>
> 1. The `s/Portions copyright/Copyright/` change is inside auto import.
> 2. Some `s/Sun Microsystems/Oracle/` change in
On Sun, 10 Jan 2021 05:17:23 GMT, Xue-Lei Andrew Fan wrote:
>> Weijun Wang has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 13 commits:
>>
>> - No more newInstance calls
>> - Support RSA-PSS with parameters
>> - Reapply 829:
> This is a multi-commits PR that upgrades xmldsig to be equivalent to
> Santuario 2.2.0.
>
> The first step is an auto-import. The JDK implementation is removed first and
> Santuario code are imported. Some unrelated files (Ex: encryption) are
> removed, and package names are renamed to be int
JDK-8237578 exposes some SocketExceptions directly which were previously
wrapped inside an SSLException. The change updated one test to take this new
behaviour into account (i.e. TrustTrustedCert.java) but apparently missed other
tests.
The fix for the other tests is similar like the fix for Tr
On Mon, 11 Jan 2021 04:57:19 GMT, Xue-Lei Andrew Fan wrote:
> The SSLSocketImpl and SSLEngineImpl implementation does not override the
> toString() method. The old code did. BTW, I also made a few code clean up
> in the SSLSocketImpl.java.
>
> Code clean up, trivial update, no new regression
On Mon, 11 Jan 2021 12:00:09 GMT, Volker Simonis wrote:
>> Clive Verghese has refreshed the contents of this pull request, and previous
>> commits have been removed. The incremental views will show differences
>> compared to the previous content of the PR.
>
> Looks good to me.
This change cau
On Wed, 6 Jan 2021 23:28:34 GMT, Clive Verghese wrote:
> This PR aims to revert some more cases where SocketExceptions are improperly
> being wrapped as SSLException. Some work for this was done in
> [JDK-8235263](https://bugs.openjdk.java.net/browse/JDK-8235263), but that
> change did not cov
On Sun, 10 Jan 2021 06:56:17 GMT, Clive Verghese wrote:
>> This PR aims to revert some more cases where SocketExceptions are improperly
>> being wrapped as SSLException. Some work for this was done in
>> [JDK-8235263](https://bugs.openjdk.java.net/browse/JDK-8235263), but that
>> change did no
On Mon, 4 Jan 2021 21:20:53 GMT, Phil Race wrote:
>> Magnus Ihse Bursie has updated the pull request with a new target base due
>> to a merge or a rebase. The incremental webrev excludes the unrelated
>> changes brought in by the merge/rebase. The pull request contains eight
>> additional comm
20 matches
Mail list logo
