> The jarsigner tool currently provides warning associated with the signer’s
> cert when it uses weak algorithms, but not for the CA certs. This change is
> to process the signer’s cert chain to warn if CA certs use weak algorithms.
Hai-May Chao has updated the pull request incrementally with
On Tue, 12 Jan 2021 22:22:55 GMT, Rajan Halade wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> No warning for trusted cert's SHA1, and added debug output to test
>
>
On Tue, 12 Jan 2021 20:57:41 GMT, Sean Mullan wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> No warning for trusted cert's SHA1, and added debug output to test
>
> Changes requested by mullan (Reviewer).
Thanks
On Mon, 11 Jan 2021 04:57:19 GMT, Xue-Lei Andrew Fan wrote:
> The SSLSocketImpl and SSLEngineImpl implementation does not override the
> toString() method. The old code did. BTW, I also made a few code clean up
> in the SSLSocketImpl.java.
>
> Code clean up, trivial update, no new
On Thu, 7 Jan 2021 18:50:05 GMT, Claes Redestad wrote:
>> Removing the UUID clone cache and running the microbenchmark along with the
>> changes in #1933:
>>
>> Benchmark (size) Mode
>> CntScoreError Units
>>
On Tue, 12 Jan 2021 21:38:32 GMT, Martin Balao wrote:
>
>
> > For cipher impls, there are more than just P11Cipher, there are also
> > P11AEADCipher and P11RSACipher. It looks like they should be updated with
> > this defensive cancellation change unless the non-compliant NSS impl is
> >
> Can someone help review this?
>
> This change enhances RSA KeyFactory impl of SunRsaSign and SunPKCS11
> providers to accept RSA keys in PKCS#1 format and encoding and translate them
> to provider-specific RSA keys. Updated the relevant tests with a sample
> PKCS#1 encoded key pair.
>
>
> Can someone help review this?
>
> This change enhances RSA KeyFactory impl of SunRsaSign and SunPKCS11
> providers to accept RSA keys in PKCS#1 format and encoding and translate them
> to provider-specific RSA keys. Updated the relevant tests with a sample
> PKCS#1 encoded key pair.
>
>
On Tue, 15 Dec 2020 20:29:08 GMT, Valerie Peng wrote:
> Can someone help review this?
>
> This change enhances RSA KeyFactory impl of SunRsaSign and SunPKCS11
> providers to accept RSA keys in PKCS#1 format and encoding and translate them
> to provider-specific RSA keys. Updated the relevant
On Wed, 6 Jan 2021 15:33:59 GMT, Martin Balao wrote:
> As described in JDK-8259319 [1], this fix proposal is to set proper access
> permissions so the SunPKCS11 provider can create instances of SunJCE classes
> when a Security Manager is installed and the fallback scheme is used.
>
> No
On Fri, 8 Jan 2021 20:08:57 GMT, Valerie Peng wrote:
>> Because a C_EncryptUpdate call that returns with an error here [1] implies
>> that a session (with an active operation) is returned to the Session Manager
>> here [2] [3]. For decryption, where we have proper padding on the Java side
>>
On Tue, 12 Jan 2021 03:34:00 GMT, Hai-May Chao wrote:
> The jarsigner tool currently provides warning associated with the signer’s
> cert when it uses weak algorithms, but not for the CA certs. This change is
> to process the signer’s cert chain to warn if CA certs use weak algorithms.
On Tue, 12 Jan 2021 03:34:00 GMT, Hai-May Chao wrote:
> The jarsigner tool currently provides warning associated with the signer’s
> cert when it uses weak algorithms, but not for the CA certs. This change is
> to process the signer’s cert chain to warn if CA certs use weak algorithms.
On Mon, 11 Jan 2021 19:52:16 GMT, Valerie Peng wrote:
> For cipher impls, there are more than just P11Cipher, there are also
> P11AEADCipher and P11RSACipher. It looks like they should be updated with
> this defensive cancellation change unless the non-compliant NSS impl is
>
On Tue, 12 Jan 2021 20:10:34 GMT, Rajan Halade wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> update to use List.of() and typo changes
>
>
On Tue, 12 Jan 2021 19:18:18 GMT, Hai-May Chao wrote:
>> This enhancement adds support for the nonce extension in OCSP request
>> extensions by system property jdk.security.certpath.ocspNonce.
>>
>> Please review the CSR at:
>> https://bugs.openjdk.java.net/browse/JDK-8257766
>
> Hai-May Chao
On Tue, 12 Jan 2021 16:26:11 GMT, Jamil Nimeh wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> update to use List.of() and typo changes
>
> In general it looks pretty good. Just a couple small comments.
Thanks
> This enhancement adds support for the nonce extension in OCSP request
> extensions by system property jdk.security.certpath.ocspNonce.
>
> Please review the CSR at:
> https://bugs.openjdk.java.net/browse/JDK-8257766
Hai-May Chao has updated the pull request incrementally with one additional
On Tue, 12 Jan 2021 17:19:17 GMT, Xue-Lei Andrew Fan wrote:
>> The SSLSocketImpl and SSLEngineImpl implementation does not override the
>> toString() method. The old code did. BTW, I also made a few code clean up
>> in the SSLSocketImpl.java.
>>
>> Code clean up, trivial update, no new
> The SSLSocketImpl and SSLEngineImpl implementation does not override the
> toString() method. The old code did. BTW, I also made a few code clean up
> in the SSLSocketImpl.java.
>
> Code clean up, trivial update, no new regression test.
Xue-Lei Andrew Fan has updated the pull request with
On Mon, 11 Jan 2021 21:41:56 GMT, Hai-May Chao wrote:
> This enhancement adds support for the nonce extension in OCSP request
> extensions by system property jdk.security.certpath.ocspNonce.
>
> Please review the CSR at:
> https://bugs.openjdk.java.net/browse/JDK-8257766
In general it looks
21 matches
Mail list logo
