Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v7]

2022-01-24 Thread Michael McMahon
> Hi, > > This change adds Channel Binding Token (CBT) support to HTTPS > (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos) > authentication scheme. When enabled, the implementation preemptively includes > a CBT with authentication requests over Kerberos. The feature

RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled

2022-01-24 Thread Xue-Lei Andrew Fan
A hostname in a URL ending with a dot is valid (See RFC 1034). However, it is not a valid SNI hostname. The ending dot should be ignored while checking the hostname with SNI or the name in an X.509 certificate. The update should be verified with jshell. No new regression test added as there

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v7]

2022-01-24 Thread Weijun Wang
On Mon, 24 Jan 2022 22:11:51 GMT, Michael McMahon wrote: >> Hi, >> >> This change adds Channel Binding Token (CBT) support to HTTPS >> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, >> Kerberos) authentication scheme. When enabled, the implementation >> preemptively inclu

RFR: 8280546: Remove hard-coded 127.0.0.1 loopback address

2022-01-24 Thread Liam Miller-Cushon
This change replaces hard-coded 127.0.0.1 loopback addresses with `InetAddress.getLoopbackAddress().getHostAddress()`, to allow the tests to work on IPv6-only systems. This matches the approach of previous fixes in [JDK-8220083](https://bugs.openjdk.java.net/browse/JDK-8220083). -

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v6]

2022-01-24 Thread Michael McMahon
> Hi, > > This change adds Channel Binding Token (CBT) support to HTTPS > (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos) > authentication scheme. When enabled, the implementation preemptively includes > a CBT with authentication requests over Kerberos. The feature

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v5]

2022-01-24 Thread Michael McMahon
On Fri, 21 Jan 2022 19:48:02 GMT, Weijun Wang wrote: >> Michael McMahon has updated the pull request incrementally with one >> additional commit since the last revision: >> >> added root cause to NamingException > > src/java.base/share/classes/java/net/doc-files/net-properties.html line 220:

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v6]

2022-01-24 Thread Daniel Fuchs
On Mon, 24 Jan 2022 13:36:47 GMT, Michael McMahon wrote: >> Hi, >> >> This change adds Channel Binding Token (CBT) support to HTTPS >> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, >> Kerberos) authentication scheme. When enabled, the implementation >> preemptively inclu

Re: RFR: 8255739: x509Certificate returns � for invalid subjectAlternativeNames

2022-01-24 Thread Sean Mullan
On Sat, 22 Jan 2022 22:48:29 GMT, Michael StJohns wrote: > I originally started using the BC certificate factory > because the SUN factory didn't understand RSA-OAEP as a key type in > SubjectKeyInfo and I was getting a few of those from a group of TPMs. Is that still an issue? I would have ex

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v6]

2022-01-24 Thread Weijun Wang
On Mon, 24 Jan 2022 13:36:47 GMT, Michael McMahon wrote: >> Hi, >> >> This change adds Channel Binding Token (CBT) support to HTTPS >> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, >> Kerberos) authentication scheme. When enabled, the implementation >> preemptively inclu

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v4]

2022-01-24 Thread Weijun Wang
On Fri, 21 Jan 2022 15:40:16 GMT, Daniel Fuchs wrote: >> Michael McMahon has updated the pull request incrementally with one >> additional commit since the last revision: >> >> more tidy-up > > src/java.naming/share/classes/com/sun/jndi/ldap/sasl/LdapSasl.java line 144: > >> 142:

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v6]

2022-01-24 Thread Weijun Wang
On Mon, 24 Jan 2022 13:54:12 GMT, Daniel Fuchs wrote: >> Michael McMahon has updated the pull request with a new target base due to a >> merge or a rebase. The incremental webrev excludes the unrelated changes >> brought in by the merge/rebase. The pull request contains eight additional >> com

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v6]

2022-01-24 Thread Michael McMahon
On Mon, 24 Jan 2022 15:23:44 GMT, Weijun Wang wrote: >> Michael McMahon has updated the pull request with a new target base due to a >> merge or a rebase. The incremental webrev excludes the unrelated changes >> brought in by the merge/rebase. The pull request contains eight additional >> comm

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v2]

2022-01-24 Thread Sean Mullan
On Fri, 21 Jan 2022 03:27:44 GMT, Hai-May Chao wrote: >> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1129: >> >>> 1127: } >>> 1128: >>> 1129: buildTrustedCerts(); >> >> Can we reuse the keystore loaded by `buildTrustedCerts()` instead of >> reloading

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v2]

2022-01-24 Thread Sean Mullan
On Fri, 21 Jan 2022 03:34:24 GMT, Hai-May Chao wrote: >> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` >> class when performing algorithm constraints checks. This change is to >> enhance `keytool` to make use of the new methods >> `DisabledAlgorithmConstraints.per

Re: RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v6]

2022-01-24 Thread Weijun Wang
On Mon, 24 Jan 2022 15:54:01 GMT, Michael McMahon wrote: >> src/java.base/share/classes/sun/security/util/TlsChannelBinding.java line >> 100: >> >>> (failed to retrieve contents of file, check the PR for context) >> I think this method should stay here. Suppose one day the CBT type is >> confi

Re: RFR: 8255739: x509Certificate returns � for invalid subjectAlternativeNames [v2]

2022-01-24 Thread Weijun Wang
On Fri, 14 Jan 2022 11:18:23 GMT, Masanori Yano wrote: >> Could you please review the JDK-8255739 bug fix? >> >> I think sun.security.x509.SubjectAlternativeNameExtension() should throw an >> exception for incorrect SubjectAlternativeNames instead of returning the >> substituted characters, wh

Re: RFR: 8255739: x509Certificate returns � for invalid subjectAlternativeNames

2022-01-24 Thread Michael StJohns
On 1/24/2022 9:51 AM, Sean Mullan wrote: On Sat, 22 Jan 2022 22:48:29 GMT, Michael StJohns wrote: I originally started using the BC certificate factory because the SUN factory didn't understand RSA-OAEP as a key type in SubjectKeyInfo and I was getting a few of those from a group of TPMs. I

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v3]

2022-01-24 Thread Hai-May Chao
> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` > class when performing algorithm constraints checks. This change is to enhance > `keytool` to make use of the new methods > `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` > and `checkKey`

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v4]

2022-01-24 Thread Hai-May Chao
> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` > class when performing algorithm constraints checks. This change is to enhance > `keytool` to make use of the new methods > `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` > and `checkKey`

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v4]

2022-01-24 Thread Hai-May Chao
On Mon, 24 Jan 2022 16:00:14 GMT, Sean Mullan wrote: >> No change. This is because `caks` global variable can only be initialized >> with cacerts keystore when the `trustcacerts` option is specified; >> otherwise it has to be kept null. `buildTrustedCerts()` is always executed. > > I was think

Re: RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v2]

2022-01-24 Thread Hai-May Chao
On Mon, 24 Jan 2022 16:12:25 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Update with review comments > > src/java.base/share/classes/sun/security/tools/keytool/Main.java line 4908: > >> 4906:

Re: RFR: 8255739: x509Certificate returns � for invalid subjectAlternativeNames [v2]

2022-01-24 Thread Michael StJohns
On 1/24/2022 2:23 PM, Weijun Wang wrote: On Fri, 14 Jan 2022 11:18:23 GMT, Masanori Yano wrote: Could you please review the JDK-8255739 bug fix? I think sun.security.x509.SubjectAlternativeNameExtension() should throw an exception for incorrect SubjectAlternativeNames instead of returning th