Java ignores/errors canonicalized principals (NT-PRINCIPAL) from Active Directory

2021-10-20 Thread Osipov, Michael (LDA IT PLM)
Hi folks, we have recently noticed the following with Java's kinit (tested with Zulu 8 and 13, code is identical in 18 as well): C:\Users\osipovmi>kinit osipo...@ad001.siemens.net I have intentionally written the realm in lowercase to rely on canonicalization of the AD KDC. krb5.conf conta

Re: RFR: 8275063: Implementation of Foreign Function & Memory API (Second incubator) [v7]

2021-10-20 Thread Maurizio Cimadamore
> This PR contains the API and implementation changes for JEP-419 [1]. A more > detailed description of such changes, to avoid repetitions during the review > process, is included as a separate comment. > > [1] - https://openjdk.java.net/jeps/419 Maurizio Cimadamore has updated the pull request

Re: RFR: 8244202: Implementation of JEP 418: Internet-Address Resolution SPI [v5]

2021-10-20 Thread Aleksei Efimov
> This change implements a new service provider interface for host name and > address resolution, so that java.net.InetAddress API can make use of > resolvers other than the platform's built-in resolver. > > The following API classes are added to `java.net.spi` package to facilitate > this: > -

Re: RFR: 8244202: Implementation of JEP 418: Internet-Address Resolution SPI [v3]

2021-10-20 Thread Aleksei Efimov
On Sun, 17 Oct 2021 21:03:56 GMT, Mark Sheppard wrote: > getByName requires a hostname lookup and getByAddress requires (eventually - I > know the docs say there’s no reverse lookup) an address reverse lookup. > Thus, a logical mapping is getByName —> lookupHostname, and getByAddr —> > lookupA

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v2]

2021-10-20 Thread Sean Mullan
On Wed, 20 Oct 2021 02:45:07 GMT, Anthony Scarpino wrote: >> Sean Mullan has updated the pull request incrementally with one additional >> commit since the last revision: >> >> - Changed names of AlgorithmDecomposer.canonicalName and >> decomposeOneHashName >> methods. >> - Changed othe

Re: RFR: 8275063: Implementation of Foreign Function & Memory API (Second incubator) [v8]

2021-10-20 Thread Maurizio Cimadamore
> This PR contains the API and implementation changes for JEP-419 [1]. A more > detailed description of such changes, to avoid repetitions during the review > process, is included as a separate comment. > > [1] - https://openjdk.java.net/jeps/419 Maurizio Cimadamore has updated the pull request

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v3]

2021-10-20 Thread Sean Mullan
> This fix improves the exception message to better indicate when the key (and > not the signature algorithm) is restricted. This change also includes a few > other improvements: > > - The constraints checking in `AlgorithmChecker.check()` has been improved. > If the `AlgorithmConstraints` are

Re: RFR: 8244202: Implementation of JEP 418: Internet-Address Resolution SPI [v5]

2021-10-20 Thread Daniel Fuchs
On Wed, 20 Oct 2021 11:52:38 GMT, Aleksei Efimov wrote: >> This change implements a new service provider interface for host name and >> address resolution, so that java.net.InetAddress API can make use of >> resolvers other than the platform's built-in resolver. >> >> The following API classes

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v2]

2021-10-20 Thread Anthony Scarpino
On Wed, 20 Oct 2021 13:34:44 GMT, Sean Mullan wrote: >> src/java.base/share/classes/sun/security/util/AlgorithmDecomposer.java line >> 106: >> >>> 104: // "SHA-256" and "SHA256" to make the right constraint >>> checking. >>> 105: >>> 106: for (Map.Entry e : >>> DECOMPOSED_DIG

Re: RFR: 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key

2021-10-20 Thread Xue-Lei Andrew Fan
On Fri, 23 Jul 2021 10:33:14 GMT, Alexey Bakhtin wrote: > Hello, > > Could you please review the small patch for the issue described in > JDK-8271199: Mutual TLS handshake fails signing client certificate with > custom sensitive PKCS11 key > > I suggest updating the RSAPSSSignature.isValid()

RFR: 8185844: MSCAPI doesn't list aliases correctly

2021-10-20 Thread Weijun Wang
If an entry is overwritten by another one using the same alias, make sure the old one is removed. - Commit messages: - 8185844: MSCAPI doesn't list aliases correctly Changes: https://git.openjdk.java.net/jdk/pull/6047/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=6047

RFR: 8251134: Unwrapping a key with a Private Key generated by Microsoft CNG fails

2021-10-20 Thread Weijun Wang
Support Cipher operations on CNG keys. - Depends on: https://git.openjdk.java.net/jdk/pull/6047 Commit messages: - 8251134: Unwrapping a key with a Private Key generated by Microsoft CNG fails Changes: https://git.openjdk.java.net/jdk/pull/6049/files Webrev: https://webrevs.openjd

Re: RFR: 8244202: Implementation of JEP 418: Internet-Address Resolution SPI [v5]

2021-10-20 Thread Alan Bateman
On Wed, 20 Oct 2021 11:52:38 GMT, Aleksei Efimov wrote: >> This change implements a new service provider interface for host name and >> address resolution, so that java.net.InetAddress API can make use of >> resolvers other than the platform's built-in resolver. >> >> The following API classes

Re: RFR: 8244202: Implementation of JEP 418: Internet-Address Resolution SPI [v5]

2021-10-20 Thread Alan Bateman
On Wed, 20 Oct 2021 11:52:38 GMT, Aleksei Efimov wrote: >> This change implements a new service provider interface for host name and >> address resolution, so that java.net.InetAddress API can make use of >> resolvers other than the platform's built-in resolver. >> >> The following API classes

Re: RFR: 8271566: DSA signature length value is not accurate in P11Signature [v2]

2021-10-20 Thread Martin Balao
On Fri, 13 Aug 2021 17:11:45 GMT, Martin Balao wrote: >> As described in JDK-8271566 [1], this patch proposal is intended to fix a >> problem that arises when using DSA keys that have a 256-bits (or larger) G >> parameter for signatures (either signing or verifying). There were some >> incorre

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v3]

2021-10-20 Thread Anthony Scarpino
On Wed, 20 Oct 2021 14:47:31 GMT, Sean Mullan wrote: >> This fix improves the exception message to better indicate when the key (and >> not the signature algorithm) is restricted. This change also includes a few >> other improvements: >> >> - The constraints checking in `AlgorithmChecker.check

Re: RFR: 8274308: Improve efficiency for HandshakeContext initialization.

2021-10-20 Thread Xue-Lei Andrew Fan
On Sat, 2 Oct 2021 05:45:47 GMT, Clive Verghese wrote: > Hi, > > We have identified that the `HandshakeContext` initialization takes up > close to 50% of the flame graph for startHandshake. I have moved the > computation of the `activeProtocols` and `activeCipherSuites` from the > Handshake

Re: RFR: 8274308: Improve efficiency for HandshakeContext initialization.

2021-10-20 Thread Clive Verghese
On Sat, 2 Oct 2021 05:45:47 GMT, Clive Verghese wrote: > Hi, > > We have identified that the `HandshakeContext` initialization takes up > close to 50% of the flame graph for startHandshake. I have moved the > computation of the `activeProtocols` and `activeCipherSuites` from the > Handshake

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v3]

2021-10-20 Thread Weijun Wang
On Wed, 20 Oct 2021 14:47:31 GMT, Sean Mullan wrote: >> This fix improves the exception message to better indicate when the key (and >> not the signature algorithm) is restricted. This change also includes a few >> other improvements: >> >> - The constraints checking in `AlgorithmChecker.check