Re: RFR: 8245527: LDAP Cnannel Binding support for Java GSS/Kerberos

Hi Alexey, This is starting to look good. Thank you for persisting! I have a couple of comments - on the LDAP/JNDI side. There are several places where your new code is supposed to trigger the throwing of a NamingException: LdapSasl.java: lines 76, 85, 140, 168 Please write a test to verify

RFR: 8218021: jarsigner strips the execute permission when signing a .zip file

Hi, I'd like to reboot this jarsigner enhancement request[1]. I've removed the problem references to zip file name extensions. Instead, there's a new JDK implementation specific jarsigner option: -keepposixperms https://bugs.openjdk.java.net/browse/JDK-8218021 https://cr.openjdk.java.net/~cof

Re: RFR 8244148: keytool -printcert and -printcrl should support the -trustcacerts and -keystore options

I re-read the CSR. The precise meaning of the 2 options for -printcert is: "If the cert is a trusted certificate in either keystore or cacerts, we will not warn if it uses a weak signature algorithm". This is so subtle and I wonder it's worth describing it. Or we just say "This command does not

Re: RFR: 8218021: jarsigner strips the execute permission when signing a .zip file

Hi Sean, I think your changes look fine so all good FMPOV. Best Lance > On Jun 12, 2020, at 6:21 AM, Seán Coffey wrote: > > Hi, > > I'd like to reboot this jarsigner enhancement request[1]. I've removed the > problem references to zip file name extensions. Instead, there's a new JDK > imple

Re: RFR 8245679: KeyStore cannot probe PKCS12 keystore if BouncyCastle is the top security provider

Looks good to me. --Sean On 6/8/20 8:25 AM, Weijun Wang wrote: Please take a look at https://cr.openjdk.java.net/~weijun/8245679/webrev.00/ If two providers support the same keystore type, we only try engineProbe() on the 1st one, and fail if it hasn't implemented it. The correct way is

Request for review, typo in exception message

Hi, May I have the following typo correction reviewed in test file? $ hg diff test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java @@ -70,7 +70,7 @@ cliToSrv.put(7, (byte)0x80);// use illegal message length } else { // unlikely -throw n

Re: Request for review, typo in exception message

Approved. :) Or if you want, I could review this much more carefully... Brad On 6/12/2020 2:43 PM, Xuelei Fan wrote: Hi, May I have the following typo correction reviewed in test file? $ hg diff test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java @@ -70,7 +70,7 @@ c

Re: RFR 8244148: keytool -printcert and -printcrl should support the -trustcacerts and -keystore options

Hi John, Updated Webrev - https://cr.openjdk.java.net/~hchao/8244148/webrev.03/ > On Jun 11, 2020, at 1:45 AM, sha.ji...@oracle.com wrote: > > Hi Hai-May, > > On 2020/6/8 04:01, Hai-May Chao wrote: >> Updated webrev - >> >> https://cr.openjdk.java.net/~hchao/8244148/webrev.02/ >>

Re: RFR 8244148: keytool -printcert and -printcrl should support the -trustcacerts and -keystore options

> On Jun 12, 2020, at 5:37 AM, Weijun Wang wrote: > > I re-read the CSR. > > The precise meaning of the 2 options for -printcert is: "If the cert is a > trusted certificate in either keystore or cacerts, we will not warn if it > uses a weak signature algorithm". This is so subtle and I wond

Re: RFR 8244148: keytool -printcert and -printcrl should support the -trustcacerts and -keystore options

Hi Hai-May, On 2020/6/13 06:34, Hai-May Chao wrote: Hi John, Updated Webrev - https://cr.openjdk.java.net/~hchao/8244148/webrev.03/ Thanks for this updated webrev! I have no more comment. Best regards, John Jiang On Jun 11, 2020, at 1:45 AM, sha.ji...@oracle.com