Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v4]

2021-10-21 Thread Sean Mullan
> This fix improves the exception message to better indicate when the key (and not the signature algorithm) is restricted. This change also includes a few other improvements:
>
> - The constraints checking in `AlgorithmChecker.check()` has been improved. If the `AlgorithmConstraints` are

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v3]

2021-10-21 Thread Sean Mullan
On Thu, 21 Oct 2021 02:22:18 GMT, Weijun Wang wrote:

>> Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:
>>
>> - Skip digest alg decomposing check for algorithms that don't contain "SHA".
>> - Remove hasLoop method and fold co

Re: RFR: 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key [v2]

2021-10-21 Thread Alexey Bakhtin
> Hello,
>
> Could you please review the small patch for the issue described in JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
>
> I suggest updating the RSAPSSSignature.isValid() method to verify if provided key components can be appl

Re: RFR: 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key [v2]

2021-10-21 Thread Alexey Bakhtin
On Wed, 20 Oct 2021 17:22:38 GMT, Xue-Lei Andrew Fan wrote:

>> Alexey Bakhtin has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Refactoring isValid() for private and public keys
>
> It's a good catch. Thank you for the fix.

Hi @XueleiFan

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v3]

2021-10-21 Thread Weijun Wang
On Thu, 21 Oct 2021 12:06:39 GMT, Sean Mullan wrote:

>> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java line 363:
>>
>>> 361: // been specified.
>>> 362: if (this.prevPubKey == null) {
>>> 363: if (anchor == null) {
>>
>> This won

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v3]

2021-10-21 Thread Weijun Wang
On Thu, 21 Oct 2021 13:43:40 GMT, Sean Mullan wrote:

>> OK, but in the ctor `trustedPubKey` is also null.
>
> True, but that's because none of the fields are set yet, so it feels odd for the ctor to check if the field is null when it is always true, even if it is a different method.

What if

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v3]

2021-10-21 Thread Sean Mullan
On Thu, 21 Oct 2021 13:03:04 GMT, Weijun Wang wrote:

>> Ok, will remove. But I will keep this method separate since, unlike the ctor it needs to check if `trustedPubKey` is `null` before setting the `prevPubKey`.
>
> OK, but in the ctor `trustedPubKey` is also null.

True, but that's beca

Integrated: 8270380: Change the default value of the java.security.manager system property to disallow

2021-10-21 Thread Weijun Wang
On Fri, 20 Aug 2021 22:44:34 GMT, Weijun Wang wrote:

> This change modifies the default value of the `java.security.manager` system property from "allow" to "disallow". This means unless it's explicitly set to "allow", any call to `System.setSecurityManager()` would throw an UOE.
>
> This

Re: RFR: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key [v5]

2021-10-21 Thread Sean Mullan
> This fix improves the exception message to better indicate when the key (and not the signature algorithm) is restricted. This change also includes a few other improvements:
>
> - The constraints checking in `AlgorithmChecker.check()` has been improved. If the `AlgorithmConstraints` are

Re: RFR: 8275063: Implementation of Foreign Function & Memory API (Second incubator) [v9]

2021-10-21 Thread Maurizio Cimadamore
> This PR contains the API and implementation changes for JEP-419 [1]. A more detailed description of such changes, to avoid repetitions during the review process, is included as a separate comment.
>
> [1] - https://openjdk.java.net/jeps/419

Maurizio Cimadamore has updated the pull request

Re: RFR: 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key [v2]

2021-10-21 Thread Xue-Lei Andrew Fan
On Thu, 21 Oct 2021 12:59:35 GMT, Alexey Bakhtin wrote:

>> Hello,
>>
>> Could you please review the small patch for the issue described in JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
>>
>> I suggest updating the RSAPSSSignature.isV

Integrated: 8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key

2021-10-21 Thread Sean Mullan
On Wed, 13 Oct 2021 13:42:25 GMT, Sean Mullan wrote:

> This fix improves the exception message to better indicate when the key (and not the signature algorithm) is restricted. This change also includes a few other improvements:
>
> - The constraints checking in `AlgorithmChecker.check()` h

Re: RFR: 8244202: Implementation of JEP 418: Internet-Address Resolution SPI [v6]

2021-10-21 Thread Aleksei Efimov
> This change implements a new service provider interface for host name and address resolution, so that java.net.InetAddress API can make use of resolvers other than the platform's built-in resolver.
>
> The following API classes are added to `java.net.spi` package to facilitate this:
> -

Re: RFR: 8244202: Implementation of JEP 418: Internet-Address Resolution SPI [v5]

2021-10-21 Thread Aleksei Efimov
On Wed, 20 Oct 2021 18:47:32 GMT, Alan Bateman wrote:

>> Aleksei Efimov has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Change InetAddressResolver method names
>
> src/java.base/share/classes/java/net/InetAddress.java line 244:
>
>> 242

Re: RFR: 8244202: Implementation of JEP 418: Internet-Address Resolution SPI [v6]

2021-10-21 Thread Daniel Fuchs
On Thu, 21 Oct 2021 18:21:50 GMT, Aleksei Efimov wrote:

>> This change implements a new service provider interface for host name and address resolution, so that java.net.InetAddress API can make use of resolvers other than the platform's built-in resolver.
>>
>> The following API classes

Re: RFR: 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key [v3]

2021-10-21 Thread Alexey Bakhtin
> Hello,
>
> Could you please review the small patch for the issue described in JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
>
> I suggest updating the RSAPSSSignature.isValid() method to verify if provided key components can be appl

Re: RFR: 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key [v3]

2021-10-21 Thread Alexey Bakhtin
On Thu, 21 Oct 2021 19:16:34 GMT, Alexey Bakhtin wrote:

>> Hello,
>>
>> Could you please review the small patch for the issue described in JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
>>
>> I suggest updating the RSAPSSSignature.isV

Re: Java ignores/errors canonicalized principals (NT-PRINCIPAL) from Active Directory

2021-10-21 Thread Wei-Jun Wang
KrbKdcReq throws the exception on line 55, so it is the previous check if (isAsReq && !req.reqBody.cname.equals(rep.cname) && ((!req.reqBody.kdcOptions.get(KDCOptions.CANONICALIZE) && req.reqBody.cname.getNameType() != PrincipalName.KRB_NT_