Just as the comments, "// The default ticket cache on Windows is not a
file." So I don't think there are some credentials missed, or won't get
read.
For the send question, the current CredentialsCache is implemented as a
file based cache. It's a good idea that we adjust the CredentialsCache
turns NULL, since the TGT for B in fcache is
first returned and then ignored.
On Jan 2, 2008, at 8:39 PM, Andrew Fan wrote:
Just as the comments, "// The default ticket cache on Windows is not
a file." So I don't think there are some credentials missed, or won't
g
Max (Weijun) Wang wrote:
Hi Andrew
Want to confirm something with you: There are some kinds of Kerberos
tickets inside the LSA cache that you can never get the encoded form,
right?
I don't have any experience on this issue. But I think even if it is a
ticket, so it is should encoded in stan
Christian Uebber wrote:
The SunJSSE of CBC mode is insecure against chosen plaintext attacks
(as all TLS 1.0 implemetations). What's the state of TLS 1.1 support
for (Open)JDK 7?
We plan support TLS1.1 for JDK 7, the implementation is in progress.
Andrew
TLS 1.1 adds explicit IVs, which is a
Hi David,
Thanks for your proposal on support RFC-5054 on JSSE. However, the SRP
is patented, the potential IP issues will prevent us from adding the
module into JSSE. And, the RFC-5054 is only a informational RFC and in
practice it is lack of deployment of SRP/TLS, my team think it is a low
Hi Kanatoko,
Would you please help on a short description why the updates is
necessary? And what's the use case that the OutputStream 's' would be null?
Thanks & Regards,
Andrew
Kanatoko wrote:
Here is a patch.
This issue is really important to me. Please merge this.
*** src/share/classes/s
Bruno Harbulot,
The issue has been reported as a bug. If you cannot wait for a fix,
please try a workaround as described bellow.
The SSLServerSocketImpl.checkEnabledSuites() is called before a socket
connection accept(i.e, no socket created at the call time), so a
temporary socket generated
Hi Kanatoko,
I need more time to check why sockOutput comes to null. It is OK to
break if the sockOutput is null just as your patch. However, it is never
expected to be null, so I wanna take more time to dig it further. Could
I ask you help if I need more information?
Thanks,
Andrew
Kanatok
A fix would require a way to set up the local address/port in the tmp
SSLSocketImpl, either by having a constructor that supports this
feature or a setter afterwards (probably less good, there's a good
reason why there no setLocalSocketAddress() method).
Best wishes,
Bruno.
Andrew Fan
Manager.chooseServerAlias()
ServerHandshaker.setupPrivateKeyAndChain()
trySetCipherSuite
chooseCipherSuite
ServerHandshaker.clientHello()
Handshaker.processMessage()
Please have a try with a workaround, any feedback are welcome.
Regards,
Andrew
Best wishes,
Bruno.
Andrew Fan wrote:
Hi Bruno,
Suppose the expected
Kanatoko wrote:
Andrew,
I figured out why sockOutput comes to null.
SSLSocketImpl class is used both from SSLSocket class and
SSLServerSocket class.
The problem occurs when SSLServerSocket instance uses(creates)
SSLSocketImpl
instance only for getting ServerHandshaker instance. The code is be
On Thu, 10 Sep 2020 01:58:09 GMT, Valerie Peng wrote:
> Could someone please help review this RFE?
>
> Enhance default JDK providers except SunPKCS11 with signatures using SHA-3
> family of digests. SunPKCS11 provider will
> be updated separately (JDK-8242332).
> This changes covers SUN, SunRsa
On Thu, 10 Sep 2020 01:58:09 GMT, Valerie Peng wrote:
> Could someone please help review this RFE?
>
> Enhance default JDK providers except SunPKCS11 with signatures using SHA-3
> family of digests. SunPKCS11 provider will
> be updated separately (JDK-8242332).
> This changes covers SUN, SunRsa
On Thu, 10 Sep 2020 01:58:09 GMT, Valerie Peng wrote:
> Could someone please help review this RFE?
>
> Enhance default JDK providers except SunPKCS11 with signatures using SHA-3
> family of digests. SunPKCS11 provider will
> be updated separately (JDK-8242332).
> This changes covers SUN, SunRsa
On Tue, 15 Sep 2020 01:34:56 GMT, Valerie Peng wrote:
>> Could someone please help review this RFE?
>>
>> Enhance default JDK providers except SunPKCS11 with signatures using SHA-3
>> family of digests. SunPKCS11 provider will
>> be updated separately (JDK-8242332).
>> This changes covers SUN,
On Tue, 22 Sep 2020 00:18:07 GMT, Anthony Scarpino
wrote:
>> This change removes the native elliptic curves library code; as well as, and
>> calls to that code, tests, and files
>> associated with those libraries. The makefiles have been changed to remove
>> from all source builds of the ec c
On Tue, 6 Oct 2020 16:00:12 GMT, Rajan Halade wrote:
> 8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to
> an expired certificate
test/jdk/java/security/cert/PolicyNode/GetPolicyQualifiers.java line 57:
> 55: params.setRevocationEnabled(false);
> 56:
On Tue, 6 Oct 2020 16:33:22 GMT, Rajan Halade wrote:
>> 8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to
>> an expired certificate
>
> Rajan Halade has updated the pull request incrementally with one additional
> commit since the last revision:
>
> 8254081: Use Da
On Tue, 29 Sep 2020 20:22:55 GMT, Anthony Scarpino
wrote:
> 8253821: Improve ByteBuffer performance with GCM
Impressive update and performance improvement! I have no major concerns, all
comments are just about trivial details
like indents.
src/java.base/share/classes/com/sun/crypto/provider/
On Mon, 12 Oct 2020 22:05:32 GMT, Valerie Peng wrote:
>> Could someone please help review this RFE? Update existing RSA key pair
>> generation code following the guidelines from
>> FIPS 186-4 and FIPS 186-5 (draft). Current proposed changes updates the
>> prime generation code (for P, Q) based
On Wed, 21 Oct 2020 02:48:35 GMT, Valerie Peng wrote:
>> Could someone please help review this RFE? Update existing RSA key pair
>> generation code following the guidelines from
>> FIPS 186-4 and FIPS 186-5 (draft). Current proposed changes updates the
>> prime generation code (for P, Q) based
On Thu, 29 Oct 2020 15:11:09 GMT, Christoph Langer wrote:
> It seems that there exists a memory/performance regression that was
> introduced with JDK-8210985: Update the default SSL session cache size to
> 20480.
>
> The idea to limit the maixmum SSL session cache size by itself is good.
> Un
On Thu, 29 Oct 2020 16:01:19 GMT, Christoph Langer wrote:
> > Did you have a benchmark with various cache sizes (for example, from 1 to
> > 10K) and various connections (for example from 1 to 10K) for those
> > components (including TLS implementation) that use Cache?
>
> Nope, we've just seen
On Thu, 29 Oct 2020 15:11:09 GMT, Christoph Langer wrote:
> It seems that there exists a memory/performance regression that was
> introduced with JDK-8210985: Update the default SSL session cache size to
> 20480.
>
> The idea to limit the maixmum SSL session cache size by itself is good.
> Un
On Thu, 29 Oct 2020 17:06:11 GMT, Volker Simonis wrote:
>> It seems that there exists a memory/performance regression that was
>> introduced with JDK-8210985: Update the default SSL session cache size to
>> 20480.
>>
>> The idea to limit the maixmum SSL session cache size by itself is good.
>
On Thu, 29 Oct 2020 17:43:43 GMT, Volker Simonis wrote:
> > > Benchmarking is probably hard because we don't know the average occupancy
> > > of the map.
> >
> >
> > I agreed. No matter what the default value is, it will not fit perfectly in
> > all situations. The value 1 may be fit for smal
On Thu, 29 Oct 2020 15:11:09 GMT, Christoph Langer wrote:
> It seems that there exists a memory/performance regression that was
> introduced with JDK-8210985: Update the default SSL session cache size to
> 20480.
>
> The idea to limit the maixmum SSL session cache size by itself is good.
> Un
A hostname in an URL ending with a dot is valid (See RFC 1034). However, it is
not a valid SNI hostname. The ending dot should be ignored while checking the
hostname with SNI or the name in a X.509 certificate.
The update should be verified with jshell. No new regression test added as
there
DK_HOME/bin/jshell
> jshell> URL url = new URL("https://www.google.com./";);
> jshell> URLConnection conn = url.openConnection();
> jshell> conn.connect();
Xue-Lei Andrew Fan has updated the pull request incrementally with one
additional commit since the last revision
On Tue, 25 Jan 2022 14:16:26 GMT, Weijun Wang wrote:
> Is it possible to add a regression test using the `-Djdk.net.hosts.file`
> feature? It is a JVM-only `/etc/hosts` alternative.
Good to know that. I added the test with customized hosts, and use URL
"www.example.com.".
-
PR:
This update is to support signature schemes customization for individual (D)TLS
connection. Please review the CSR as well:
CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
-
Commit messages:
- 8280494: https://bugs.openjdk.
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
On Thu, 27 Jan 2022 23:43:51 GMT, Jie Fu wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Copyright correction
>
> src/java.base/share/classes/javax/net/ssl/SSLParameters
On Fri, 28 Jan 2022 15:17:25 GMT, Sean Mullan wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Copyright correction
>
> src/java.base/share/classes/javax/net/ssl/SSLParam
On Fri, 28 Jan 2022 15:50:49 GMT, Jamil Nimeh wrote:
>> You should also define the interaction with the system properties (probably
>> as an @implNote). Does `getSignatureSchemes` ever return the value of the
>> system properties? Does the `setSignatureSchemes` API always override the
>> prope
On Fri, 28 Jan 2022 00:54:53 GMT, Bernd wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Copyright correction
>
> src/java.base/share/classes/javax/net/ssl/SSLParameters.java
On Fri, 28 Jan 2022 15:26:56 GMT, Sean Mullan wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Copyright correction
>
> src/java.base/share/classes/javax/net/ssl/SSLParameters.
On Fri, 28 Jan 2022 00:58:37 GMT, Bernd wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Copyright correction
>
> src/java.base/share/classes/javax/net/ssl/SSLParameters.jav
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
On Fri, 28 Jan 2022 01:05:22 GMT, Bernd wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Enrich the APIs specification
>
> src/java.base/share/classes/sun/security/ssl/
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
On Sun, 30 Jan 2022 03:03:37 GMT, Bernd wrote:
>> If we want to reuse the result, we may have to cache something. It is not
>> good to me. The parsing of the signature scheme names actually depends on
>> the provider. So at this point, in the Java SE API specification, it is not
>> easy to
On Sun, 30 Jan 2022 03:06:35 GMT, Bernd wrote:
>> Yes. Array copy is a concern of mine, too. Hopefully, the frozen array
>> feature could help address the array copy issues in the future.
>
> Hmm.. I guess the different packages make it really hard to have an internal
> optimized getter. What
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
On Sun, 30 Jan 2022 03:08:22 GMT, Bernd wrote:
>> Yes, it does. Do you like to use a for-loop, without new object allocation?
>
> Yes, static helper
Thanks for confirm. Updated to use a static helper method.
-
PR: https://git.openjdk.java.net/jdk/pull/7252
In the JSSE specification, the reference to "Java Security Standard Algorithm
Names" specification is documented as "Java Cryptography Architecture Standard
Algorithm Name Documentation". As should be corrected.
-
Commit messages:
- 8280949: Correct the references for the Java Sec
> In the JSSE specification, the reference to "Java Security Standard Algorithm
> Names" specification is documented as "Java Cryptography Architecture
> Standard Algorithm Name Documentation". As should be corrected.
Xue-Lei Andrew Fan has updated the pull r
> In the JSSE specification, the reference to "Java Security Standard Algorithm
> Names" specification is documented as "Java Cryptography Architecture
> Standard Algorithm Name Documentation". As should be corrected.
Xue-Lei Andrew Fan has updated the pull r
On Mon, 31 Jan 2022 16:39:34 GMT, Sean Mullan wrote:
> Please capitalize "specification" (i.e. "Specification") to be consistent
> with other references in the javadoc. Looks good otherwise.
OK. Just curious, why we want to use capitalized "specification"? This word
"specification" is not a
On Mon, 31 Jan 2022 20:05:45 GMT, Sean Mullan wrote:
> > > Please capitalize "specification" (i.e. "Specification") to be consistent
> > > with other references in the javadoc. Looks good otherwise.
> >
> >
> > OK. Just curious, why we want to use capitalized "specification"? This word
> > "s
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
On Mon, 31 Jan 2022 15:37:38 GMT, Xue-Lei Andrew Fan wrote:
> In the JSSE specification, the reference to "Java Security Standard Algorithm
> Names" specification is documented as "Java Cryptography Architecture
> Standard Algorithm Name Documentation". As sh
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
On Mon, 31 Jan 2022 21:26:46 GMT, Sean Mullan wrote:
>> As there is increasing number of SSL parameters, applications may just use
>> the constructor with no argument, and use the set methods individually.
>
> Ok. You should specify what the default value of the signature schemes
> parameter is
On Mon, 31 Jan 2022 21:55:18 GMT, Sean Mullan wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Rollback to use captialized S
>
> src/java.base/share/classes/javax/net/s
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
On Wed, 2 Feb 2022 14:45:21 GMT, Sean Mullan wrote:
> A few more comments on the API.
All good catches! Thank you very much. Updated the spec, CSR and impl.
-
PR: https://git.openjdk.java.net/jdk/pull/7252
On Wed, 2 Feb 2022 19:12:56 GMT, Xue-Lei Andrew Fan wrote:
>> This update is to support signature schemes customization for individual
>> (D)TLS connection. Please review the CSR as well:
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
>> RFE: https://bugs.ope
On Thu, 27 Jan 2022 22:06:21 GMT, Xue-Lei Andrew Fan wrote:
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.ne
On Wed, 2 Feb 2022 22:13:07 GMT, Sean Mullan wrote:
> On a related issue, have you given any thought as to what the behavior should
> be if a 3rd-party JSSE provider is not updated to support these new methods?
> I don't know of a good way to address that since the API is not part of the
> pro
On Wed, 26 Jan 2022 18:58:07 GMT, Xue-Lei Andrew Fan wrote:
>> A hostname in an URL ending with a dot is valid (See RFC 1034). However, it
>> is not a valid SNI hostname. The ending dot should be ignored while
>> checking the hostname with SNI or the name in a X.509 certi
DK_HOME/bin/jshell
> jshell> URL url = new URL("https://www.google.com./";);
> jshell> URLConnection conn = url.openConnection();
> jshell> conn.connect();
Xue-Lei Andrew Fan has updated the pull request incrementally with one
additional commit since the la
On Thu, 3 Feb 2022 01:19:12 GMT, Weijun Wang wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Add regression test with customized hosts
>
> test/jdk/javax/net/ssl/ServerName
On Tue, 25 Jan 2022 00:13:32 GMT, Xue-Lei Andrew Fan wrote:
> A hostname in an URL ending with a dot is valid (See RFC 1034). However, it
> is not a valid SNI hostname. The ending dot should be ignored while checking
> the hostname with SNI or the name in a X.509 certificate.
>
On Mon, 10 Jan 2022 13:36:25 GMT, Matthias Baesken wrote:
> 8279385: [test] Adjust sun/security/pkcs12/KeytoolOpensslInteropTest.java
> after 8278344
Marked as reviewed by xuelei (Reviewer).
-
PR: https://git.openjdk.java.net/jdk18/pull/91
On Thu, 3 Feb 2022 17:12:05 GMT, Weijun Wang wrote:
> Add the `-providerPath` option to jarsigner to be consistent with keytool.
Looks good to me except a minor comment. It's fine to me if you don't want to
take it.
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 256
On Thu, 3 Feb 2022 21:30:59 GMT, Sean Mullan wrote:
> > > On a related issue, have you given any thought as to what the behavior
> > > should be if a 3rd-party JSSE provider is not updated to support these
> > > new methods? I don't know of a good way to address that since the API is
> > > not
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
On Fri, 4 Feb 2022 16:34:14 GMT, Sean Mullan wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> More update for the sec and impl
>
> src/java.base/share/classes/javax/net/s
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
On Fri, 4 Feb 2022 16:35:22 GMT, Sean Mullan wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> More update for the sec and impl
>
> src/java.base/share/classes/javax/net/s
> This update is to support signature schemes customization for individual
> (D)TLS connection. Please review the CSR as well:
> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
Xue-Lei Andrew Fan has updated the
Please review this trivial code clean up, for a little bit better performance.
-
Commit messages:
- 8281289: Improve with List.copyOf
Changes: https://git.openjdk.java.net/jdk/pull/7356/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7356&range=00
Issue: https://bugs.
On Fri, 4 Feb 2022 23:02:21 GMT, Xue-Lei Andrew Fan wrote:
> Please review this trivial code clean up, for a little bit better performance.
This pull request has now been integrated.
Changeset: 42e272e1
Author:Xue-Lei Andrew Fan
URL:
https://git.openjdk.java.net/jdk/com
On Sat, 5 Feb 2022 13:22:25 GMT, Claes Redestad wrote:
> There's a small compatibility risk with this change, e.g.,
> `List.copyOf(...).contains(null)` will throw NPE while
> `Collections.unmodifiableList(...).contains(null)` won't.
>
> If we accept that compatibility risk (which should probab
In [JDK-8281289](https://bugs.openjdk.java.net/browse/JDK-8281289), the
SSLParameters class was updated with the patch:
- return Collections.unmodifiableList(new
ArrayList<>(sniNames.values()));
+ return List.copyOf(sniNames.values());
However, there's a small compatibility risk with this chang
On Sun, 6 Feb 2022 22:11:06 GMT, Claes Redestad wrote:
> This looks like an appropriate solution which avoids the minor compatibility
> risk introduced by the previous change - and you might even end up being more
> efficient both when setting and reading the names/matchers.
>
> (Since we're g
On Sat, 5 Feb 2022 20:29:50 GMT, Xue-Lei Andrew Fan wrote:
> In [JDK-8281289](https://bugs.openjdk.java.net/browse/JDK-8281289), the
> SSLParameters class was updated with the patch:
>
> - return Collections.unmodifiableList(new
> ArrayList<>(sniNames.values()));
&
On Mon, 7 Feb 2022 19:51:28 GMT, Sean Mullan wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> correct null tags
>
> src/java.base/share/classes/javax/net/ssl/SSLParameters.java l
.net/browse/JDK-8281290
Xue-Lei Andrew Fan has updated the pull request incrementally with one
additional commit since the last revision:
Update class summary
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7252/files
- new: https://git.openjdk.java.net/jdk/pull/7252
On Mon, 7 Feb 2022 19:59:32 GMT, Sean Mullan wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> correct null tags
>
> src/java.base/share/classes/javax/net/ssl/SSLParameters.jav
On Mon, 7 Feb 2022 22:18:03 GMT, Sean Mullan wrote:
>> I think lines 714-816/723-725 describe the behavior already.
>>
>> I was hesitate to use "override", as the System Property values and the
>> default signature schemes are not actually overrode. The default signature
>> schemes are still
On Mon, 7 Feb 2022 22:56:45 GMT, Xue-Lei Andrew Fan wrote:
>> Sorry, you will have to bear with me as I am still not sure how it works - I
>> want to know who wins, the API or the properties, if both are set and I
>> can't find where it answers that above. Maybe I nee
On Tue, 8 Feb 2022 20:18:20 GMT, Sean Mullan wrote:
>>> Are you maybe saying that this method returns the value of the system
>>> properties if they are set?
>>
>> The return value of this method depends on the following specs:
>>
>> * If the {@link #setSignatureSchemes} method has not be
.net/browse/JDK-8281290
Xue-Lei Andrew Fan has updated the pull request incrementally with one
additional commit since the last revision:
Spec update
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7252/files
- new: https://git.openjdk.java.net/jdk/pull/7252/files/830
On Wed, 9 Feb 2022 14:33:11 GMT, Sean Mullan wrote:
>> Basically, the suggestion captures the implementation behaviors correctly.
>> To make it more accuracy, if we want to use it, we may need to consider more
>> cases:
>> 1. _explicitly set by application_, with null, empty or 1+ schemes.
>>
On Wed, 3 Nov 2021 17:02:40 GMT, Alexey Bakhtin wrote:
>> Please review the patch for JDK-8274524
>>
>> The fix just adds locks around InputStream read and skip operations to
>> prevent concurrent read from socket.
>> sun/security/ssl jtreg tests passed
>> api/javax_net/ssl/SSLSocket/setUseClie
On Wed, 9 Feb 2022 21:38:22 GMT, Sean Mullan wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Spec update
>
> src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 74
.net/browse/JDK-8281290
Xue-Lei Andrew Fan has updated the pull request incrementally with one
additional commit since the last revision:
spec re-wording
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7252/files
- new: https://git.openjdk.java.net/jdk/pull/7252
On Thu, 10 Feb 2022 06:18:28 GMT, John Jiang wrote:
> In class sun.security.x509.X509CRLImpl, method getExtension(ObjectIdentifier)
> doesn't declare that IOException would be thrown, so the @throws IOException
> doc should be removed.
Marked as reviewed by xuelei (Reviewer).
-
P
On Thu, 10 Feb 2022 18:19:41 GMT, Alexey Bakhtin wrote:
> Please review the patch for the JDK-8274524
>
> SSLSocket.close() could cause an intermittent hang of the socket read
> operation. It happens in case of SO_TIMEOUT is set to 0 (infinite timeout).
> SSLSocket.close() reads from the socket
On Fri, 11 Feb 2022 09:27:11 GMT, Alexey Bakhtin wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java line 1792:
>>
>>> 1790: try {
>>> 1791: if (soTimeout == 0)
>>> 1792: setSoTimeout(DEFAULT_SKIP_TIMEO
On Fri, 11 Feb 2022 20:07:43 GMT, Alexey Bakhtin wrote:
>> Please review the patch for the JDK-8274524
>>
>> SSLSocket.close() could cause an intermittent hang of the socket read
>> operation. It happens in case of SO_TIMEOUT is set to 0 (infinite timeout).
>> SSLSocket.close() reads from the s
.net/browse/JDK-8281290
Xue-Lei Andrew Fan has updated the pull request incrementally with one
additional commit since the last revision:
Add implSpec about existence of the new methods
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7252/files
- new: https://git.openj
On Wed, 16 Feb 2022 19:21:58 GMT, Xue-Lei Andrew Fan wrote:
>> This update is to support signature schemes customization for individual
>> (D)TLS connection. Please review the CSR as well:
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
>> RFE: https://bugs.ope
.net/browse/JDK-8281290
Xue-Lei Andrew Fan has updated the pull request incrementally with one
additional commit since the last revision:
more spec update per CSR feedback
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7252/files
- new: https://git.openjdk.java.ne
On Thu, 17 Feb 2022 23:28:35 GMT, Weijun Wang wrote:
> Updating to a recent release of PSL.
Marked as reviewed by xuelei (Reviewer).
-
PR: https://git.openjdk.java.net/jdk/pull/7526
On Mon, 21 Feb 2022 04:49:42 GMT, John Jiang wrote:
> sun.security.util.ECParameters class supports three AlgorithmParameterSpec
> types, exactly ECParameterSpec, ECGenParameterSpec and
> ECKeySizeParameterSpec, however the InvalidParameterSpecException messages
> missed ECKeySizeParameterSpec
1 - 100 of 669 matches
Mail list logo
