Integrated: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints

2022-01-26 Thread Hai-May Chao
On Wed, 12 Jan 2022 02:15:45 GMT, Hai-May Chao wrote: > `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` > class when performing algorithm constraints checks. This change is to enhance > `keytool` to make use of the new methods > `DisabledAlgorithmConstraints.permits

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v7]

2022-01-26 Thread Hai-May Chao
On Wed, 26 Jan 2022 14:30:22 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Reformat denyAfter date in exception message to -MM-DD > > Marked as reviewed by mullan (Reviewer). @seanjmullan Th

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v10]

2022-01-26 Thread Weijun Wang
On Wed, 26 Jan 2022 16:25:24 GMT, Daniel Fuchs wrote: >> Michael McMahon has updated the pull request incrementally with one >> additional commit since the last revision: >> >> removed ^M from test > > test/jdk/sun/security/krb5/auto/HttpsCB.java line 120: > >> 118: >> 119: boolean

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v10]

2022-01-26 Thread Weijun Wang
On Wed, 26 Jan 2022 16:27:29 GMT, Daniel Fuchs wrote: >> Michael McMahon has updated the pull request incrementally with one >> additional commit since the last revision: >> >> removed ^M from test > > test/jdk/sun/security/krb5/auto/HttpsCB.java line 201: > >> 199: return reader

Re: RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled

2022-01-26 Thread Xue-Lei Andrew Fan
On Tue, 25 Jan 2022 14:16:26 GMT, Weijun Wang wrote: > Is it possible to add a regression test using the `-Djdk.net.hosts.file` > feature? It is a JVM-only `/etc/hosts` alternative. Good to know that. I added the test with customized hosts, and use URL "www.example.com.". - PR:

Re: RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled [v2]

2022-01-26 Thread Xue-Lei Andrew Fan
> A hostname in a URL ending with a dot is valid (see RFC 1034). However, it > is not a valid SNI hostname. The ending dot should be ignored while checking > the hostname with SNI or the name in an X.509 certificate. > > The update could be verified with jshell. > $ $JDK_HOME/bin/jshell > jshe

Re: RFR: JDK-8280703 CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption [v2]

2022-01-26 Thread Sebastian Stenzel
> Related to #411, however it turns out that for unpadded ciphers, there is no > need to allocate `internalOutput`, if `output` provides sufficient capacity. > > For padded ciphers, only the unpadded cleartext is expected to be copied to > the output buffer. In this case, there is no way around

Integrated: 8280546: Remove hard-coded 127.0.0.1 loopback address

2022-01-26 Thread Liam Miller-Cushon
On Tue, 25 Jan 2022 03:39:54 GMT, Liam Miller-Cushon wrote: > This change replaces hard-coded 127.0.0.1 loopback addresses with > `InetAddress.getLoopbackAddress().getHostAddress()`, to allow the tests to > work on IPv6-only systems. This matches the approach of previous fixes in > [JDK-822008

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v5]

2022-01-26 Thread Hai-May Chao
On Wed, 26 Jan 2022 05:56:31 GMT, Hai-May Chao wrote: >> Done. Removed the extra info (-MM-DD form) from the exception message >> that was set in `DisabledAlgorithmConstraints` class, and re-formatted the >> `denyAfterDate` into -MM-DD format in keytool. > > The CertPathValidatorExceptio

Re: RFR: 8280546: Remove hard-coded 127.0.0.1 loopback address

2022-01-26 Thread Liam Miller-Cushon
On Wed, 26 Jan 2022 15:48:49 GMT, Sean Mullan wrote: > Please change the JBS bug component to "security-libs" as these tests are in > the security area. Done. Thanks for the review! - PR: https://git.openjdk.java.net/jdk/pull/7209

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v7]

2022-01-26 Thread Hai-May Chao
On Wed, 26 Jan 2022 14:30:13 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Reformat denyAfter date in exception message to -MM-DD > > src/java.base/share/classes/sun/security/tools/keytool/Ma

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v8]

2022-01-26 Thread Hai-May Chao
> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` > class when performing algorithm constraints checks. This change is to enhance > `keytool` to make use of the new methods > `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` > and `checkKey`

Re: RFR: JDK-8280703 CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption

2022-01-26 Thread Anthony Scarpino
On Wed, 26 Jan 2022 10:07:01 GMT, Sebastian Stenzel wrote: > Related to #411, however it turns out that for unpadded ciphers, there is no > need to allocate `internalOutput`, if `output` provides sufficient capacity. > > For padded ciphers, only the unpadded cleartext is expected to be copied

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v10]

2022-01-26 Thread Daniel Fuchs
On Wed, 26 Jan 2022 16:02:09 GMT, Michael McMahon wrote: >> Hi, >> >> This change adds Channel Binding Token (CBT) support to HTTPS >> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, >> Kerberos) authentication scheme. When enabled, the implementation >> preemptively inclu

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v10]

2022-01-26 Thread Michael McMahon
> Hi, > > This change adds Channel Binding Token (CBT) support to HTTPS > (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos) > authentication scheme. When enabled, the implementation preemptively includes > a CBT with authentication requests over Kerberos. The feature

Re: RFR: 8280546: Remove hard-coded 127.0.0.1 loopback address

2022-01-26 Thread Sean Mullan
On Tue, 25 Jan 2022 03:39:54 GMT, Liam Miller-Cushon wrote: > This change replaces hard-coded 127.0.0.1 loopback addresses with > `InetAddress.getLoopbackAddress().getHostAddress()`, to allow the tests to > work on IPv6-only systems. This matches the approach of previous fixes in > [JDK-822008

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v9]

2022-01-26 Thread Michael McMahon
> Hi, > > This change adds Channel Binding Token (CBT) support to HTTPS > (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos) > authentication scheme. When enabled, the implementation preemptively includes > a CBT with authentication requests over Kerberos. The feature

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v7]

2022-01-26 Thread Sean Mullan
On Wed, 26 Jan 2022 05:50:05 GMT, Hai-May Chao wrote: >> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` >> class when performing algorithm constraints checks. This change is to >> enhance `keytool` to make use of the new methods >> `DisabledAlgorithmConstraints.per

RFR: JDK-8280703 CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption

2022-01-26 Thread Sebastian Stenzel
Related to #411, however it turns out that for unpadded ciphers, there is no need to allocate `internalOutput`, if `output` provides sufficient capacity. For padded ciphers, only the unpadded cleartext is expected to be copied to the output buffer. In this case, there is no way around the tempor

Re: Lots of allocations in CipherCore

2022-01-26 Thread Sebastian Stenzel
Hi Tony, while running regression tests, I noticed that my assumption only holds true for unpadded ciphers. For padded ciphers, we still need the temporary buffer, as only the unpadded cleartext shall be written to the output buffer. That said, here is my PR. I'd be happy if you could review it