Vinnie
The bug report shows sun/security/tools/keytool/autotest.sh also failed. The
test includes
LIBNAME=`find_one \
/usr/lib/libsoftokn3.so \
/usr/lib/i386-linux-gnu/nss/libsoftokn3.so \
/usr/lib/nss/libsoftokn3.so`
Maybe adding a line for
it to autotest.sh too.
On 29 May 2014, at 14:40, Wang Weijun weijun.w...@oracle.com wrote:
Vinnie
The bug report shows sun/security/tools/keytool/autotest.sh also failed.
The test includes
LIBNAME=`find_one \
/usr/lib/libsoftokn3.so \
/usr/lib/i386-linux-gnu/nss/libsoftokn3.so
/Ticket).
However, the app can do whatever they want when constructing their own
Subject objects. Although I am not sure if any such usage exists.
I'll read more code history to see if there is a convention.
Thanks
Max
Valerie
On 05/27/14 03:50, Wang Weijun wrote:
Hi Valerie
I am
Hi Valerie
I am working on breaking JGSS into modules and is now looking at
sun/security/jgss/GSSUtil.java. There is a method
public static T extends GSSCredentialSpi VectorT
searchSubject(final GSSNameSpi name,
final Oid mech,
. If I just treat
them as an unordered set of certs, it seems too tolerant.
--Max
--Sean
On 05/21/2014 08:20 PM, Wang Weijun wrote:
Hi All
Please review the code change at
http://cr.openjdk.java.net/~weijun/8036709/webrev.01/
Before this change, jarsigner simply put a cert chain
Hi All
Please review the code changes at
http://cr.openjdk.java.net/~weijun/8043537/webrev.02/
The fix creates geteuid() in sun.misc.VM so DflCache.java does not depend on
JAAS modules anymore. Alan suggested me to add some similar methods so other
people can use it.
Thanks
Max
Hi All
Please review the code change at
http://cr.openjdk.java.net/~weijun/8036709/webrev.01/
Before this change, jarsigner simply put a cert chain into a CertPath and
validate it. If the CertPath contains a trust anchor inside, the validation
could fail even if it should not. This fix
:
On May 18, 10:06am, weijun.w...@oracle.com (Wang Weijun) wrote:
-- Subject: Re: RFR 8036779: sun.security.krb5.KdcComm interprets kdc_timeout
| How about this? I will support s and ms units (ms is not defined by
o=
| ther vendors though). But will still try to be a little smart when
Hi All
I am a member of Oracle's Java SE security team, and recently we found a bug
about the inconsistency of the kdc_timeout setting between Java and other
vendors. Java does not support specifying a unit and always treats the value as
milliseconds. While the others support units and when no
Hi All
I am a member of Oracle's Java SE security team, and recently we found a bug
about the inconsistency of the kdc_timeout setting between Java and other
vendors. Java does not support specifying a unit and always treats the value as
milliseconds. While the others support units and when no
How about this? I will support s and ms units (ms is not defined by other
vendors though). But will still try to be a little smart when there is no unit.
--Max
On May 15, 2014, at 10:09, Xuelei Fan xuelei@oracle.com wrote:
The actual problem is, what if I want to use 121 seconds? It is a
On Apr 24, 2014, at 19:17, Wang Weijun weijun.w...@oracle.com wrote:
Please review the changes at
http://cr.openjdk.java.net/~weijun/8040321/webrev.00
Most are simple, except that ts.sh needs to call TimeSTampCheck.java which
then calls jarsigner, therefore more hops.
To test
On Apr 18, 2014, at 2:22, Sean Mullan sean.mul...@oracle.com wrote:
* Config.java
- update copyright year
Will add it before the push. I could work on multiple bugs of a single file and
cannot determine which one gets pushed first.
[202] can you log the IOException?
OK.
Thanks
Max
On Apr 19, 2014, at 1:14, Sean Mullan sean.mul...@oracle.com wrote:
In fact, when a login module is not found, an exception will be
thrown immediately even if it's marked optional. Now that these
modules are available on all platforms, this won't happen anymore. If
you think this behavior is
Please review these two code changes:
8039358: com.sun.jarsigner.ContentSignerParameters.getTSAPolicyID() should be a
default method
http://cr.openjdk.java.net/~weijun/8039358/webrev.01/
8038837: Add support to jarsigner for specifying timestamp hash algorithm
Hi All
There are two bugs. The first one is:
https://bugs.openjdk.java.net/browse/JDK-8040068
8040068: SolarisSystem should be @Deprecated and @jdk.Exported(false)
of which the code change is simply
--- a/src/share/classes/com/sun/security/auth/module/SolarisSystem.java
+++
that some engines require certain
parameters to be be present on creation, and a newInstance(null) will trigger
that exception.
HTH,
Brad
On 4/15/2014 8:01 AM, Sean Mullan wrote:
Looks fine to me.
--Sean
On 04/15/2014 04:03 AM, Wang Weijun wrote:
Please review the code changes
Please review the code changes at
http://cr.openjdk.java.net/~weijun/8039853/webrev.00/
If you find it confused, I have mistakenly pushed some code changes in
http://hg.openjdk.java.net/jdk9/dev/jdk/rev/ba6e2fcdfa15
and the current code change is trying to fix/enhance it. Altogether, the
the return value is a Boolean (instead of boolean) and could be null.
Thanks
Max
On Jan 29, 2014, at 5:46, Sean Mullan sean.mul...@oracle.com wrote:
On 01/28/2014 03:53 AM, Wang Weijun wrote:
Please review the fix at
http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
The supported boolean
Hi
Please take a review at
http://cr.openjdk.java.net/~weijun/8038754/webrev.00/
Before JDK-8031003, the debug message inside native JGSS is printed out on the
Java side using
System.out.println(msg);
but after it, it is printed on the C side using
puts(msg);
and no newline will
Webrev updated at
http://cr.openjdk.java.net/~weijun/8038754/webrev.01/
'printf(s); printf(\n)' is now 'printf(s\n);'. One less call, and seems an
extra benefit to force /s/ being a real literal. At least it compiles now.
Thanks
Max
On Mar 30, 2014, at 23:27, Wang Weijun weijun.w
NativeUtil.h:
88: How about puts(s) or printf(%s, s) (in case s includes %)?
NativeUtil.c:
514-516: not necessary?
539-543: Why not TRACEn here?
639-659: It looks like if cbytes == NULL then the function returns NULL with no
exception throwing and this would break something in GSSLibStub.c.
What is the problem now? Test fails after 120 seconds of default timeout?
This SO_TIMEOUT could be useful to make sure a test fails early, but I am not
sure if the value is big enough. If the failure is rare, I would choose 30
seconds.
--Max
On Mar 17, 2014, at 16:34, Xuelei Fan
On Mar 17, 2014, at 17:06, Xuelei Fan xuelei@oracle.com wrote:
On 3/17/2014 4:59 PM, Wang Weijun wrote:
What is the problem now? Test fails after 120 seconds of default timeout?
These test are for shell script tests. The bug reported stated the
server did not terminated on Windows. I
Looks good now. Thanks.
--Max
On Mar 17, 2014, at 17:17, Xuelei Fan xuelei@oracle.com wrote:
Update to use 30 seconds:
http://cr.openjdk.java.net/~xuelei/8037346/webrev.00/
), the acceptor would need to send back a response, i.e.
an AP-REP.
Thanks
Max
--Sean
On 03/12/2014 10:18 PM, Wang Weijun wrote:
Tiny webrev at
http://cr.openjdk.java.net/~weijun/8037262/webrev.00/
Thanks
Max
Hi All
I have an interface that wraps an integer, like this
interface Wrapper {
int getX();
}
Why cannot I add a default toString method
default String toString() {
return This is + getX();
}
The error is
error: default method toString in interface DSAPublicKey
tag into the 1st byte of output, which is
also the 1st byte of the input, so there is no need to check.
Can you show me a counter-example? ;-)
Thanks
Max
Artem
On 02/26/2014 01:54 PM, Wang Weijun wrote:
Hi Artem
The code change looks fine. It seems all your s/getLength
Tiny webrev at
http://cr.openjdk.java.net/~weijun/8037262/webrev.00/
Thanks
Max
Ping again.
--Max
On Mar 7, 2014, at 15:31, Wang Weijun weijun.w...@oracle.com wrote:
Hi All
Please take a review of
http://cr.openjdk.java.net/~weijun/8035963/webrev.00/
I've added a ratio variable to these timeout related tests. The ratio is now
set to 2 (one exception, 3
suggestion?
Xuelei
On 3/11/2014 5:54 PM, Wang Weijun wrote:
Ping again.
--Max
On Mar 7, 2014, at 15:31, Wang Weijun weijun.w...@oracle.com wrote:
Hi All
Please take a review of
http://cr.openjdk.java.net/~weijun/8035963/webrev.00/
I've added a ratio variable to these timeout
Please review the fix at
http://cr.openjdk.java.net/~weijun/8036971/webrev.00/
bug is
https://bugs.openjdk.java.net/browse/JDK-8036971
Before the enhancement JDK-8029994 is available, a bug fix is needed.
Thanks
Max
Change looks fine.
*Xuelei*: Remember to run all tests next time. At least a JPRT.
Thanks
Max
On Mar 7, 2014, at 10:25, Jason Uh jason...@oracle.com wrote:
Please review this fix for 8036844, which updates the path to a keystore used
in a couple of tests. The path is no longer accurate
Hi All
Please take a review of
http://cr.openjdk.java.net/~weijun/8035963/webrev.00/
I've added a ratio variable to these timeout related tests. The ratio is now
set to 2 (one exception, 3 for BadKdc2). This is mainly an experiment to how if
they can be more stable when running slower. We
Change looks fine. That was an awkward name.
--Max
On Mar 5, 2014, at 21:06, Xuelei Fan xuelei@oracle.com wrote:
Hi,
Please review this simple test fix:
http://cr.openjdk.java.net/~xuelei/8036676/webrev.00/
Updated to use capital letter to start a class name.
Thanks,
Xuelei
/8032473/update.export
hg import should work. From the changeset, we can see the content
changes in renames files.
Xuelei
On 3/3/2014 9:38 PM, Wang Weijun wrote:
Hi Xuelei
Yes it's quite difficult to read the actual webrev so instead I try to apply
jdk.patch to my repo and see what
, but we know there are at least path to store changes.
--Max
On Mar 3, 2014, at 19:46, Xuelei Fan xuelei@oracle.com wrote:
webrev: http://cr.openjdk.java.net/~xuelei/8032473/webrev.00/
On 3/3/2014 1:54 PM, Wang Weijun wrote:
As Brad mentioned in the comment, do you need to update
Please review the fix for
https://bugs.openjdk.java.net/browse/JDK-8036104
Basically, the PAData.java test has the same name as the internal PAData.java
source file. IntelliJ IDEA always shows me the code completion hints I do not
want. And when I manually code the correct method, it shows
Thanks. That is so fast.
--Max
On Mar 3, 2014, at 10:48, Xuelei Fan xuelei@oracle.com wrote:
Fine.
Xuelei
On 3/3/2014 10:43 AM, Wang Weijun wrote:
As Brad mentioned in the comment, do you need to update the test/TEST.groups
file?
Although not friendly to read, you do have a webrev somewhere?
Thanks
Max
Ping again.
On Feb 25, 2014, at 20:44, Wang Weijun weijun.w...@oracle.com wrote:
Please review the code change at
http://cr.openjdk.java.net/~weijun/7176574/7u/webrev.00/
This is a backport of 3 jdk8 fixes on sun/security/krb5/auto/TcpTimeout.java
7176574: sun/security/krb5/auto
Hi Artem
Indefinite length is not allowed in DER so we never generate it. However, we do
support reading it. I guess there must be a reason. Maybe
1. We don't have separate BerXXX classes, so basically we read both DER and BER
with the same codes.
2. Most protocols require DER encoding, but
Oh, I might have mis-read your webrev. I take back my words below. Will read it
again.
Thanks
Max
On Feb 26, 2014, at 16:09, Wang Weijun weijun.w...@oracle.com wrote:
Anyway, I think it's better to be tolerant, especially we have supported it
ever since.
Thanks
Max
On Feb 26
Hi Artem
The code change looks fine. It seems all your s/getLength/getDefiniteLength/
substitutions are those that only works with a definite length.
However, I do find the indefinite length support not satisfying. Just not sure
if it's worth fixing. For example:
1. No idea why
Please review the code change at
http://cr.openjdk.java.net/~weijun/7176574/7u/webrev.00/
This is a backport of 3 jdk8 fixes on sun/security/krb5/auto/TcpTimeout.java
7176574: sun/security/krb5/auto/TcpTimeout.java failed with solaris-i586
A somehow related question: is there a proposal to specify a security property
on the command line?
Thanks
Max
On Feb 24, 2014, at 1:44, Sean Mullan sean.mul...@oracle.com wrote:
On 02/21/2014 01:17 AM, Wang Weijun wrote:
Is there a proposal to extract them into a single include file
Is there a proposal to extract them into a single include file?
Thanks
Max
Ping again.
On Feb 15, 2014, at 16:18, Wang Weijun weijun.w...@oracle.com wrote:
Webrev updated again at
http://cr.openjdk.java.net/~weijun/8034033/webrev.02/
I add more checks to make sure it's a good initial TGT, and exit the loop
when there is either an exception or the TGT
15, 2014, at 9:14, Wang Weijun weijun.w...@oracle.com wrote:
Hi Valerie
Since this is a while loop, it seems for each BuildXXX function, just
returning NULL when an exception is thrown is not enough, because it's not
returning to Java but still inside the native code so another JNI call
Code change looks good.
Do you really want to use Copyright (c) 2000, 2014 for the new file?
Thanks
Max
On Feb 14, 2014, at 20:06, Alan Bateman alan.bate...@oracle.com wrote:
As part of preparing the JDK for modules we need to look at the dependencies
between Kerberos and JAAS as they are
/2014 13:55, Wang Weijun wrote:
Code change looks good.
Do you really want to use Copyright (c) 2000, 2014 for the new file?
Thanks Max.
On the copyright date then I wasn't sure. As the code is coming from
TextCallbackHandler (originally 2000 I assume) then I left this as the
starting
Hi Valerie
Since this is a while loop, it seems for each BuildXXX function, just returning
NULL when an exception is thrown is not enough, because it's not returning to
Java but still inside the native code so another JNI call might run. Do you
think it's OK to add a ExceptionClear call after
Updated webrev at
http://cr.openjdk.java.net/~weijun/8034033/webrev.01/
Thanks
Max
On Feb 13, 2014, at 8:56, Wang Weijun weijun.w...@oracle.com wrote:
On Feb 13, 2014, at 8:48, Valerie (Yu-Ching) Peng valerie.p...@oracle.com
wrote:
Max,
Changes look fine.
However, I noticed some
Hi All
The bug is at https://bugs.openjdk.java.net/browse/JDK-8034762.
Basically there is nothing to review. I just move 10 files to a different
directory and not a single bit of their contents was changed. They are
test/sun/security/krb5/ConfPlusProp.java
.
I see. So ExceptionCheck is just a return-void version of ExceptionOccurred.
I'll create another webrev.
Thanks
Max
Thanks,
Valerie
On 02/11/14 04:27, Wang Weijun wrote:
Hi All
I didn't attend the parfait day last week, but a new one is coming. Please
review my fix at
http
Hi All
I didn't attend the parfait day last week, but a new one is coming. Please
review my fix at
http://cr.openjdk.java.net/~weijun/8034033/webrev.00/
Thanks
Max
Please review the fix at
http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
The supported boolean values in this fix cover what MIT krb5 does and we also
added 'f'.
The old getBooleanValue() method returns true for “true” and false otherwise
but the new method returns null if the value
is there is a
NumberFormatException).
--Max
On Jan 29, 2014, at 5:46, Sean Mullan sean.mul...@oracle.com wrote:
On 01/28/2014 03:53 AM, Wang Weijun wrote:
Please review the fix at
http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
The supported boolean values in this fix cover what
) {
+JarEntry e = getJarEntry(name);
if (e == null) {
throw new JarException(corrupted jar file);
}
so all names[i] become name.
Thanks
Max
--Sean
On 01/22/2014 02:01 AM, Wang Weijun wrote:
Hi All
Please take a look at the webrev
On Jan 22, 2014, at 15:01, Wang Weijun weijun.w...@oracle.com wrote:
Hi All
Please take a look at the webrev at
http://cr.openjdk.java.net/~weijun/8031572/8/webrev.00/
JarVerifier has a flag that separates parsing signatures and verifying other
entries. The fix makes sure only signature
Hi All
Please take a look at the webrev at
http://cr.openjdk.java.net/~weijun/8031572/8/webrev.00/
JarVerifier has a flag that separates parsing signatures and verifying other
entries. The fix makes sure only signature-related files are processed in the
beginning so JarVerifier does not
Hi Elliott
Great to see this again. I’ll come back to this later. There are some urgent
issues I have to deal with at this moment. I’ll also need to get those legal
advices regarding pkg.m4 etc.
Thanks
Max
On Jan 15, 2014, at 7:01, Elliott Baron eba...@redhat.com wrote:
Hi Max,
I have
and apply to earlier releases.
Thanks for the review please let me know if you have additional comments,
Valerie
On 06/17/13 22:41, Wang Weijun wrote:
I will also apply the same change to P11DHPrivateKey/P11DHPublicKey
then. Equality check using ASN.1 encoding is fine for non-DH
algorithms
I will also apply the same change to P11DHPrivateKey/P11DHPublicKey then.
Equality check using ASN.1 encoding is fine for non-DH algorithms but not for
DH.
I cannot read the source codes now, but is it possible to implement the equals
method right in the base interface using the JDK 8
在 Jun 13, 2013,4:14 AM,Valerie (Yu-Ching) Peng valerie.p...@oracle.com 写道:
Changes look fine.
Just curious, what's the reason for the changes in KeyTab.java?
There was an EType.getDefaults() call there and it is useless. If kept, will
need to check exception.
-Max
Valerie
On
在 May 24, 2013,5:14,Valerie (Yu-Ching) Peng valerie.p...@oracle.com 写道:
On 05/12/13 22:39, Weijun Wang wrote:
Hi Valerie
Please take a look at
http://cr.openjdk.java.net/~weijun/8014196/webrev.01/
KeyTab.getInstance() used to return null if the keytab file does not exists,
but
Hi Valerie
Please review this code change
http://cr.openjdk.java.net/~weijun/8000653/webrev.00/
The reason is that if a SPNEGO GSSContext is established with krb5 underneath,
its getDelegCred() only returns one krb5 cred element. I need to add more for
mechs that are compatible with this
I've thought about that, but it means there is no way to check
forward-compatibility. (Am I using the correct word? Deserialize jdk7 format
with jdk6).
Max
在 2013-1-21,下午9:58,Alan Bateman alan.bate...@oracle.com 写道:
On 21/01/2013 01:51, Weijun Wang wrote:
Please take a look at the webrev at
Hi Mandy
Sorry for late comment. My email client on Nokia E71 keeps crashing. (Hope
it's good this time).
I'm quite sure there are people out there calling KeyTool the same way.
Also, I feel a little weird that one tool is treated diffrently from
others.
Is it possible to leave all
601 - 669 of 669 matches
Mail list logo