[security-dev 01721]: hg: jdk7/tl/langtools: 3 new changesets

2010-03-18 Thread lana . steuck
Changeset: b816baf594e3 Author: mikejwre Date: 2010-03-04 13:50 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/b816baf594e3 Added tag jdk7-b85 for changeset 136bfc679462 ! .hgtags Changeset: ef07347428f2 Author: lana Date: 2010-03-09 15:29 -0800 URL: http

[security-dev 01720]: hg: jdk7/tl/jdk: 22 new changesets

2010-03-18 Thread lana . steuck
Changeset: 03cd9e62961f Author: mikejwre Date: 2010-03-04 13:50 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/03cd9e62961f Added tag jdk7-b85 for changeset b396584a3e64 ! .hgtags Changeset: 840601ac5ab7 Author: rkennke Date: 2010-03-03 15:50 +0100 URL: http://

[security-dev 01719]: hg: jdk7/tl/jaxws: Added tag jdk7-b85 for changeset 8424512588ff

2010-03-18 Thread lana . steuck
Changeset: 512b0e924a5a Author: mikejwre Date: 2010-03-04 13:50 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jaxws/rev/512b0e924a5a Added tag jdk7-b85 for changeset 8424512588ff ! .hgtags

[security-dev 01718]: hg: jdk7/tl/jaxp: Added tag jdk7-b85 for changeset 6c0ccabb430d

2010-03-18 Thread lana . steuck
Changeset: 81c0f115bbe5 Author: mikejwre Date: 2010-03-04 13:50 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jaxp/rev/81c0f115bbe5 Added tag jdk7-b85 for changeset 6c0ccabb430d ! .hgtags

[security-dev 01717]: hg: jdk7/tl/hotspot: 2 new changesets

2010-03-18 Thread lana . steuck
Changeset: 418bc80ce139 Author: mikejwre Date: 2010-03-04 13:50 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/hotspot/rev/418bc80ce139 Added tag jdk7-b85 for changeset 6c9796468b91 ! .hgtags Changeset: bf823ef06b4f Author: trims Date: 2010-03-08 15:50 -0800 URL: http:

[security-dev 01716]: hg: jdk7/tl/corba: Added tag jdk7-b85 for changeset c67a9df7bc0c

2010-03-18 Thread lana . steuck
Changeset: 6253e28826d1 Author: mikejwre Date: 2010-03-04 13:50 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/corba/rev/6253e28826d1 Added tag jdk7-b85 for changeset c67a9df7bc0c ! .hgtags

[security-dev 01715]: hg: jdk7/tl: 3 new changesets

2010-03-18 Thread lana . steuck
Changeset: 3ddf90b39176 Author: mikejwre Date: 2010-03-04 13:50 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/rev/3ddf90b39176 Added tag jdk7-b85 for changeset cf26288a114b ! .hgtags Changeset: 433a60a9c0bf Author: lana Date: 2010-03-09 15:28 -0800 URL: http://hg.open

[security-dev 01714]: '\0' in alias name of a pkcs11 keystore

2010-03-18 Thread Weijun Wang
Hi Valerie, As described in http://forums.sun.com/thread.jspa?threadID=5432248, customer's pkcs11 keystore has aliases ending with '\0'. Is this something we should fix on the Java side? Thanks, Max

[security-dev 01713]: hg: jdk7/tl/jdk: 3 new changesets

2010-03-18 Thread yu-ching . peng
Changeset: c52f292a8f86 Author: valeriep Date: 2010-03-18 17:05 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c52f292a8f86 6695485: SignedObject constructor throws ProviderException if it's called using provider "SunPKCS11-Solaris" Summary: Added checking for RSA key lengths

[security-dev 01712]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 21:12, Christopher Hegarty -Sun Microsystems Ireland wrote: > Andrew John Hughes wrote: >> >> On 18 March 2010 20:56, Christopher Hegarty -Sun Microsystems Ireland >> wrote: >>> >>> Brad, Pavel, Andrew, >>> >>> I'm also not comfortable with this test, but what bothers me more tha

[security-dev 01711]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Christopher Hegarty -Sun Microsystems Ireland
Andrew John Hughes wrote: On 18 March 2010 20:56, Christopher Hegarty -Sun Microsystems Ireland wrote: Brad, Pavel, Andrew, I'm also not comfortable with this test, but what bothers me more than the reliance on an external server is the reliance on cacerts. While cacerts (or equivalent) is not

[security-dev 01710]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 20:56, Christopher Hegarty -Sun Microsystems Ireland wrote: > Brad, Pavel, Andrew, > > I'm also not comfortable with this test, but what bothers me more than the > reliance on an external server is the reliance on cacerts. While cacerts (or > equivalent) is not part of OpenJDK I d

[security-dev 01709]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Christopher Hegarty -Sun Microsystems Ireland
Brad, Pavel, Andrew, I'm also not comfortable with this test, but what bothers me more than the reliance on an external server is the reliance on cacerts. While cacerts (or equivalent) is not part of OpenJDK I don't think it makes sense adding a test to OpenJDK that has a reliance on it. For

[security-dev 01708]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 18:40, Brad Wetmore wrote: > > I have a couple important tasks to finish ASAP, so if there is more > discussion, I'll have to jump in sometime next week, but wanted to add > one thing before anything was done: > > Pavel wrote: >> And we can use other URL if verisign.com is problem

[security-dev 01707]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Brad Wetmore
I have a couple important tasks to finish ASAP, so if there is more discussion, I'll have to jump in sometime next week, but wanted to add one thing before anything was done: Pavel wrote: > And we can use other URL if verisign.com is problematic. We've tried to limit the reliance on servers outs

[security-dev 01706]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 15:13, Sean Mullan wrote: > Andrew John Hughes wrote: > >> This has been posted about before; OpenJDK currently can't bootstrap >> itself because it doesn't have a working cacerts store (the JAXP URL >> uses https). >> >> I don't know how to solve this; we can certainly have the c

[security-dev 01705]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 15:07, Christopher Hegarty -Sun Microsystems Ireland wrote: > > > Sean Mullan wrote: >> >> >>> >>> Security folk: >>>  Do we currently have any tests with a dependency on cacerts? >> >> yes, but they would be in the closed tests. > > So we have your own non public tests for t

[security-dev 01704]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Sean Mullan
Andrew John Hughes wrote: This has been posted about before; OpenJDK currently can't bootstrap itself because it doesn't have a working cacerts store (the JAXP URL uses https). I don't know how to solve this; we can certainly have the cacerts file populated on GNU/Linux systems, but I don't hav

[security-dev 01703]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Christopher Hegarty -Sun Microsystems Ireland
Sean Mullan wrote: Security folk: Do we currently have any tests with a dependency on cacerts? yes, but they would be in the closed tests. So we have your own non public tests for this. Maybe RedHat should take a similar approach then. -Chris. --Sean

[security-dev 01702]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 14:57, Christopher Hegarty -Sun Microsystems Ireland wrote: > Pavel Tisnovsky wrote: >> >> Christopher Hegarty -Sun Microsystems Ireland wrote: >>> >>> Alan Bateman wrote: Pavel Tisnovsky wrote: > > Hi, > > please review new regression test for java.net.*

[security-dev 01701]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Sean Mullan
Christopher Hegarty -Sun Microsystems Ireland wrote: Pavel Tisnovsky wrote: Christopher Hegarty -Sun Microsystems Ireland wrote: Alan Bateman wrote: Pavel Tisnovsky wrote: Hi, please review new regression test for java.net.* API. This test check if the cacerts keytool database is configured

[security-dev 01700]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Sean Mullan
Alan Bateman wrote: Christopher Hegarty -Sun Microsystems Ireland wrote: : Alan is correct there are already tests for SSL/Https in javax.net, but I believe these use self signed certs, no dependency on cacerts. OK, in that case adding a new test make sense. The test/java/net tree is probably

[security-dev 01699]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Christopher Hegarty -Sun Microsystems Ireland
Pavel Tisnovsky wrote: Christopher Hegarty -Sun Microsystems Ireland wrote: Alan Bateman wrote: Pavel Tisnovsky wrote: Hi, please review new regression test for java.net.* API. This test check if the cacerts keytool database is configured properly and SSL is really working. The test should

[security-dev 01698]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Pavel Tisnovsky
Christopher Hegarty -Sun Microsystems Ireland wrote: Alan Bateman wrote: Pavel Tisnovsky wrote: Hi, please review new regression test for java.net.* API. This test check if the cacerts keytool database is configured properly and SSL is really working. The test should not fail if SSL is worki

[security-dev 01697]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Alan Bateman
Christopher Hegarty -Sun Microsystems Ireland wrote: : Alan is correct there are already tests for SSL/Https in javax.net, but I believe these use self signed certs, no dependency on cacerts. OK, in that case adding a new test make sense. The test/java/net tree is probably not the best place t

[security-dev 01696]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Andrew John Hughes
On 18 March 2010 14:28, Christopher Hegarty -Sun Microsystems Ireland wrote: > Alan Bateman wrote: >> >> Pavel Tisnovsky wrote: >>> >>> Hi, >>> >>> please review new regression test for java.net.* API. This test check if >>> the cacerts keytool database is configured properly and SSL is really >>>

[security-dev 01695]: Re: Please review new regression test for java.net.* API

2010-03-18 Thread Christopher Hegarty -Sun Microsystems Ireland
Alan Bateman wrote: Pavel Tisnovsky wrote: Hi, please review new regression test for java.net.* API. This test check if the cacerts keytool database is configured properly and SSL is really working. The test should not fail if SSL is working (in other case it simply throws IOException). Webr

[security-dev 01694]: hg: jdk7/tl/jdk: 6829283: HTTP/Negotiate: Autheticator triggered again when user cancels the first one

2010-03-18 Thread weijun . wang
Changeset: 2796f839e337 Author: weijun Date: 2010-03-18 18:26 +0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2796f839e337 6829283: HTTP/Negotiate: Autheticator triggered again when user cancels the first one Reviewed-by: chegar ! src/share/classes/sun/net/www/protocol/http/