On Sat, 7 May 2022 11:46:37 GMT, Daniel Fuchs wrote:
>> Hi, please find here a patch that solves a rare intermittent test failure
>> observed in the test `java/net/httpclient/ExecutorShutdown.java`
>>
>> A race condition coupled with some too eager synchronization was causing a
>> deadlock
On Sat, 7 May 2022 11:46:37 GMT, Daniel Fuchs wrote:
>> Hi, please find here a patch that solves a rare intermittent test failure
>> observed in the test `java/net/httpclient/ExecutorShutdown.java`
>>
>> A race condition coupled with some too eager synchronization was causing a
>> deadlock
On Thu, 13 Jan 2022 12:10:11 GMT, Michael McMahon wrote:
> Hi,
>
> This change adds Channel Binding Token (CBT) support to HTTPS
> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos)
> authentication scheme. When enabled, the implementation preemp
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has
On Thu, 27 Jan 2022 16:47:52 GMT, Daniel Fuchs wrote:
>> It's `java.net.SocketException: Unexpected end of file from server`. Does
>> not include any CBT words so don't know if it's worth parsing.
>
> Thanks. Then it would be better to catch only `SocketException` here rather
> than
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has updated
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael Mc
On Tue, 25 Jan 2022 11:34:57 GMT, Michael Osipov wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> final review update (pre CSR)
>
> src/java.base/share/classes/sun/net/www
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Mich
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has u
On Mon, 24 Jan 2022 15:23:44 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contain
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has
On Fri, 21 Jan 2022 19:48:02 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> added root cause to NamingException
>
> src/java.base/share/classes/java/net/doc-file
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McM
On Fri, 21 Jan 2022 13:39:06 GMT, Michael Osipov wrote:
>> Actually, it turns out I should be throwing `NamingException` here. That is
>> what was being thrown by `TlsChannelBinding.parseType` before and an
>> existing test was expecting that. NamingException only takes a String
>> message.
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon has u
On Fri, 21 Jan 2022 13:38:08 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/http/HttpClient.java line 189:
>>
>>> 187: } else {
>>> 188: logError("Unexpected value for \"jdk.https.negotiate.cbt\"
>>
On Thu, 20 Jan 2022 11:16:16 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> removed sasl module dependency and added SaslException cause
>
> src/java.base/s
On Thu, 20 Jan 2022 11:14:40 GMT, Michael Osipov wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> removed sasl module dependency and added SaslException cause
>
> src/java.naming/s
On Thu, 20 Jan 2022 11:04:18 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> removed sasl module dependency and added SaslException cause
>
> src/java.base/share/
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael McMahon
On Wed, 19 Jan 2022 22:25:43 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> changes after first review round
>
> src/java.naming/share/classes/com/sun/jndi/ld
", "b.c" and all hosts under the domain "d.com" and all of its
> sub-domains.
>
> A test will be added separately to the implementation.
>
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
>
> Thanks,
> Michael
Michael
On Fri, 14 Jan 2022 15:06:12 GMT, Daniel Fuchs wrote:
> Have you been able to test this on a specific setup? Would be good to hear
> from @msheppar too.
I have tested it with the server setup by Prajwal. Security SQE are looking
into configuring a server with a similar setup which can be
On Wed, 19 Jan 2022 15:36:16 GMT, Michael McMahon wrote:
>>> It's actually a purely system property rather than a Net property at the
>>> moment (same as the other spnego ones). Maybe, I should convert them all to
>>> net properties, so they can be documented/set
On Sat, 15 Jan 2022 14:02:15 GMT, Michael Osipov wrote:
>> I suggest moving the `TlsChannelBinding` class into
>> `java.base/sun.security.util` since it's not only used by LDAP anymore. It's
>> even not restricted to GSS-API. According to
>> https://www.rfc-editor.org/rfc/rfc5056, "Although
On Mon, 17 Jan 2022 13:49:35 GMT, Daniel Fuchs wrote:
>> I vote for "jdk.https.tls.cbt"
>
>> It's actually a purely system property rather than a Net property at the
>> moment (same as the other spnego ones). Maybe, I should convert them all to
>> net properties, so they can be documented/set
On Mon, 17 Jan 2022 13:44:06 GMT, Daniel Fuchs wrote:
>> Shall we log a message if the value is not one of the 3 forms?
>
> Usually malformed values are just ignored - and the property takes its
> default value. But yes - s.n.w.h.HttpClient has a logger so it wouldn't be
> much effort to log
On Fri, 14 Jan 2022 14:52:13 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively
On Thu, 13 Jan 2022 18:18:24 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> This change adds Channel Binding Token (CBT) support to HTTPS
>> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO,
>> Kerberos) authentication scheme. When enabled, the implementation
>> preemptively
Hi,
This change adds Channel Binding Token (CBT) support to HTTPS
(java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos)
authentication scheme. When enabled, the implementation preemptively includes a
CBT with authentication requests over Kerberos. The feature is enabled
On Mon, 6 Dec 2021 21:27:48 GMT, Michael McMahon wrote:
> This updates the testkeys keystore file used by SimpleSSLContext in the test
> tree, in order to add subject alt names for the literal IP addresses
> "127.0.0.1" and "::1". This should allo
On Tue, 7 Dec 2021 15:03:31 GMT, Daniel Fuchs wrote:
>> test/jdk/com/sun/net/httpserver/SANTest.java line 77:
>>
>>> 75: int port1 = s1.getAddress().getPort();
>>> 76: int port2 = s2.getAddress().getPort();
>>> 77: test ("127.0.0.1", root+"/test1", port2,
This updates the testkeys keystore file used by SimpleSSLContext in the test
tree, in order to add subject alt names for the literal IP addresses
"127.0.0.1" and "::1". This should allow the self signed certificate in the
keystore to be accepted even when the local OS doesn't have a localhost
On Fri, 29 Oct 2021 16:17:46 GMT, Aleksei Efimov wrote:
>> This change implements a new service provider interface for host name and
>> address resolution, so that java.net.InetAddress API can make use of
>> resolvers other than the platform's built-in resolver.
>>
>> The following API
On Tue, 26 Oct 2021 16:24:48 GMT, Aleksei Efimov wrote:
>> This change implements a new service provider interface for host name and
>> address resolution, so that java.net.InetAddress API can make use of
>> resolvers other than the platform's built-in resolver.
>>
>> The following API
On Wed, 23 Jun 2021 12:10:54 GMT, Mahendra Chhipa
wrote:
>> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
>
> Mahendra Chhipa has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Implemented reviw comments.
Marked as
On Thu, 17 Jun 2021 16:23:08 GMT, Mahendra Chhipa
wrote:
>> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
>
> Mahendra Chhipa has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Implemented review comments
On Thu, 4 Mar 2021 15:56:58 GMT, Fernando Guallini
wrote:
>> Certain JVM tools may access and initialise InetAddress class and its static
>> fields during start up resulting in a NameService implementation being
>> already set to the default **PlatformNameService**, causing intermittent
>>
On Fri, 9 Oct 2020 09:17:48 GMT, Daniel Fuchs wrote:
>> src/java.base/share/classes/sun/net/www/MeteredStream.java line 123:
>>
>>> 121: lock();
>>> 122: try {
>>> 123: if (closed) return -1;
>>
>> This double check of `closed` is kind of irritating. Is it really
Hi Xuelei,
I have some concerns about these bugs also, though not exactly the same
as yours:
The "jdk.tls.client.protocols" system property is not part of the HTTP
client API. So, it's not
clear to me why the HTTP client is expected to enforce it. It is equally
possible for any code using
Looks fine to me Daniel.
- Michael.
On 02/09/2019, 14:00, Daniel Fuchs wrote:
Hi,
(cc-ing security dev for the changes in
test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
which is updated to allow for binding on a specific
IP Address)
Please find below a patch for:
8230435: Replace
Thanks for reporting this. I will look into it.
- Michael
On 20/07/2018, 08:38, Severin Gehwolf wrote:
Adding net-dev
On Fri, 2018-07-20 at 08:52 +0200, Thomas Lußnig wrote:
Hi,
i found an bug in JDK 10 with the new HttpClient. It does not handle
responses wihtout contentlength correctly.
Looks good Chris.
- Michael.
On 26/06/2018, 11:45, Chris Hegarty wrote:
Seems that the integration of TLS 1.3 erroneously added a number of
HTTP Client tests to the ProblemList. Previous to the TLS 1.3 push,
work was done to ensure that the HTTP Client tests ran successfully
with the changes
I've just noticed the SSLParameters.setUseCipherSuitesOrder() method.
I guess this can be used to enforce a higher priority for the h2
compatible ciphers
on the server side.
On the new API, I'm not sure about the SSLBase, SSLFunction construct
either.
I don't think it is very clear, and if
On 04/06/15 15:18, Simone Bordet wrote:
Hi,
On Thu, Jun 4, 2015 at 3:08 PM, Michael McMahon
michael.x.mcma...@oracle.com wrote:
On 04/06/15 13:19, Simone Bordet wrote:
Hi,
On Wed, Jun 3, 2015 at 8:23 AM, Xuelei Fan xuelei@oracle.com wrote:
Per section 4, RFC 7301
On 04/06/15 13:19, Simone Bordet wrote:
Hi,
On Wed, Jun 3, 2015 at 8:23 AM, Xuelei Fan xuelei@oracle.com wrote:
Per section 4, RFC 7301:
... The
application_layer_protocol_negotiation ServerHello extension is
intended to be definitive for the connection (until the connection is
Hi Brad,
A couple of initial comments/questions.
1) Certificate selection is one feature envisaged by ALPN. ie a client
or a server
ought to be able to choose a different certificate depending on the
application name
that gets negotiated. Is that possible with this API?
2) The
On 25/05/15 12:34, Simone Bordet wrote:
Hi,
On Mon, May 25, 2015 at 12:08 PM, Michael McMahon
michael.x.mcma...@oracle.com wrote:
Hi Brad,
A couple of initial comments/questions.
1) Certificate selection is one feature envisaged by ALPN. ie a client or a
server
ought to be able
Hi Simone,
I'm interested to understand why you think this Http 2 requirement
is difficult or impossible to implement in the JDK currently.
I thought, cipher suite selection would be independent of the ALPN
mechanism.
So, a Http 2 client implementation would ensure that allowed ciphers
are in
, Sep 17, 2014 at 3:17 PM, Simone Bordet simone.bor...@gmail.com wrote:
Hi,
On Wed, Sep 17, 2014 at 12:57 PM, Michael McMahon
michael.x.mcma...@oracle.com wrote:
Hi Simone,
I'm interested to understand why you think this Http 2 requirement
is difficult or impossible to implement in the JDK
Thanks for doing this Max. The syntax looks fine.
Just one question. Do you think it is better to specify each socket
option literally in the tool
as you have done (ie. the only supported NetworkPermission
is SO_FLOW_SLA with this change) or allow users to type in the option
name as free-form
On 26/08/14 09:05, Wang Weijun wrote:
On Aug 26, 2014, at 15:57, Michael McMahon michael.x.mcma...@oracle.com wrote:
Thanks for doing this Max. The syntax looks fine.
Just one question. Do you think it is better to specify each socket option
literally in the tool
as you have done (ie
Max,
These changes look fine. Just a couple of minor comments:
L130 in Client.java appears to be superfluous now.
The comment at L186 in Server.java might probably should
be removed or else expanded upon.
Thanks
Michael
On 23/06/14 09:09, Wang Weijun wrote:
Ping again.
On Jun 12, 2014, at
My understanding is that the original PMTU discovery spec RFC 1191
is not very effective due to its reliance on ICMP messages that are often
filtered out by routers. There was an update in RFC 4821 which removes
the dependency on ICMP and that seems to be effective
I'm just wondering then how
Hi,
This is a fix adding some checks for pending exceptions in the JGSS
native code.
All of these cases could only practically happen in case of
OutOfMemoryError.
There are a couple of places where the JNI spec isn't completely clear
whether
the exception will be thrown. In those cases, we
Seems fine to me Xuelei.
- Michael
On 19/08/13 06:56, Xuelei Fan wrote:
If no objections, I will push the change by COB Monday.
Thanks,
Xuelei
On 8/13/2013 4:29 PM, Xuelei Fan wrote:
Can I get an additional code review from networking team?
Thanks,
Xuelei
On 8/12/2013 2:07 PM, Weijun Wang
On 07/08/13 15:13, Xuelei Fan wrote:
On 8/7/2013 10:05 PM, Michael McMahon wrote:
Resolvers seem to accept queries using trailing dots.
eg nslookup www.oracle.com.
or InetAddress.getByName(www.oracle.com.);
The part of RFC3490 quoted below seems to me to be saying
that the empty label
Why is the serialVersionUid changed in NTLMAuthentication?
Otherwise, the encapsulation of NTLM in the new API looks quite
concise and neat to me? Looks fine.
- Michael
Vincent Ryan wrote:
The SASL component looks good Max.
Michael/Chris: have you any comments on the NTLM changes?
On
Weijun Wang wrote:
The internal structure of NTLMAuthentication is changed and that's why
I changed the serialVersionUid as well. If unchanged, I guess the old
serialized form can still be accepted by the new class, but all new
field will become null/0. After the change, any such
Changeset: dd724911c90a
Author:michaelm
Date: 2009-09-29 10:00 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dd724911c90a
6886108: Test case B4933582 binding to fixed port number
Reviewed-by: chegar
! test/java/net/Authenticator/B4933582.java
!
Changeset: 89b14d3740dc
Author:michaelm
Date: 2009-06-29 15:05 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/89b14d3740dc
6827999: 6827999: URLClassLoader.addURL(URL) adds URLs to closed class loader
Reviewed-by: chegar
! src/share/classes/sun/misc/URLClassPath.java
+
Max,
One question. Would this mechanism work for any possible GSS security
mechanism?
In other words, is all the information you need encapsulated inside a single
GSSCredential object?
Also, java.net.Authenticator was designed very much for the original
HTTP authentication
schemes (Basic
Changeset: d6881542bfef
Author:michaelm
Date: 2009-01-30 22:05 +
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d6881542bfef
4167874: URL-downloaded jar files can consume all available file descriptors
Summary: added close method to URLClassLoader
Reviewed-by: alanb
!
Changeset: b0378bb50d83
Author:michaelm
Date: 2008-09-11 17:46 +0100
URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/b0378bb50d83
6744329: Exception in light weight http server code
Reviewed-by: chegar
! src/share/classes/sun/net/httpserver/ChunkedOutputStream.java
+
Changeset: afcf04c535da
Author:michaelm
Date: 2008-08-21 10:04 -0700
URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/afcf04c535da
6258215: Num of backlog in ServerSocket(int, int) should be mentioned more
explicitly
Summary: updated javadoc
Reviewed-by: chegar
!
68 matches
Mail list logo
