[security-dev 00169]: hg: jdk7/jsn/jdk: 2 new changesets

2008-05-15 Thread vincent . ryan
Changeset: 2ebefcea77a5 Author:vinnie Date: 2008-05-14 18:59 +0100 URL: http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/2ebefcea77a5 6383078: OCSP checking does not work on end-entity certificate Reviewed-by: mullan ! src/share/classes/sun/security/provider/certpath/OCSPChecker.java C

[security-dev 00334]: Re: JCE/JSSE Plans for JDK 7?

2008-09-30 Thread Vincent Ryan
Hello Mike, This functionality is being planned for the JDK7 release. The existing java.security.cert.CertificateFactory class can easily be enhanced with several new methods: o to create a certificate signing request o to parse a certificate signing request o to issue a new certifica

[security-dev 00336]: Re: JCE/JSSE Plans for JDK 7?

2008-09-30 Thread Vincent Ryan
Mike Duigou wrote: Vincent Ryan wrote: Hello Mike, This functionality is being planned for the JDK7 release. The existing java.security.cert.CertificateFactory class can easily be enhanced with several new methods: o to create a certificate signing request o to parse a certificate

[security-dev 00589]: Re: Code review request: Accepting OpenSSL-style cert

2009-02-20 Thread Vincent Ryan
Your fix looks good Max. Max (Weijun) Wang wrote: > Hi Vinnie > > I've forward-ported the OpenSSL-style cert fix to JDK 7, updated an > existing test[1], and added a new regression test. Can you please take a > review? The diff of X509Factory.java is identical to the one I showed > you last month.

[security-dev 01074]: hg: jdk7/tl/jdk: 3 new changesets

2009-08-11 Thread vincent . ryan
Changeset: 1ff7163fc5f7 Author:vinnie Date: 2009-08-11 16:52 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1ff7163fc5f7 6840752: Provide out-of-the-box support for ECC algorithms Reviewed-by: alanb, mullan, wetmore ! make/sun/security/Makefile + make/sun/security/ec/FILES_c

[security-dev 01115]: hg: jdk7/tl/jdk: 6872048: bad private keys are generated for 2 specific ECC curves

2009-08-24 Thread vincent . ryan
Changeset: dd997cc0c823 Author:vinnie Date: 2009-08-24 18:37 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dd997cc0c823 6872048: bad private keys are generated for 2 specific ECC curves Reviewed-by: wetmore ! src/share/native/sun/security/ec/ec.c ! test/sun/security/ec/Test

[security-dev 01125]: Re: 6840752: Provide out-of-the-box support for ECC algorithms

2009-08-27 Thread Vincent Ryan
Hello Andrew, Our original intention was to provide a Java implementation of ECC. However due to software patents already granted for ECC we were constrained in what we could reasonably resource and openly discuss. In the end we opted to reuse the NSS code from OpenSolaris (which was originally

[security-dev 01195]: Re: 6840752: Provide out-of-the-box support for ECC algorithms

2009-09-09 Thread Vincent Ryan
to solicit input from security-dev on how best to achieve this. Your proposal to supply an NSS config file for the SunPKCS11 provider is one approach but what about platforms where an ECC-enabled NSS is not present? Andrew John Hughes wrote: 2009/8/27 Vincent Ryan : Hello Andrew, Our original int

[security-dev 01224]: Re: 6840752: Provide out-of-the-box support for ECC algorithms

2009-09-18 Thread Vincent Ryan
n Hughes : >> 2009/9/9 Vincent Ryan : >>> Hello Andrew, >>> >>> I realize that you, along with others in the Linux community, are less >>> than satisfied with the changeset to provide out-of-the-box support for >>> ECC algorithms. >>> &g

[security-dev 01237]: hg: jdk7/tl/jdk: 6884175: CR cleanup for 6840752: Provide out-of-the-box support for ECC algorithms

2009-09-21 Thread vincent . ryan
Changeset: 845fefff00a4 Author:vinnie Date: 2009-09-21 23:01 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/845fefff00a4 6884175: CR cleanup for 6840752: Provide out-of-the-box support for ECC algorithms Reviewed-by: wetmore ! make/sun/security/ec/Makefile ! make/sun/securi

[security-dev 01253]: Re: PING: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

2009-09-24 Thread Vincent Ryan
Hello Andrew, I'll need a little more time to come up to speed on this fix. I'm concerned that there may be interoperability or backwards compatibility issues. Andrew John Hughes wrote: > 2009/9/2 Andrew John Hughes : >> 2009/9/2 Michael StJohns : >>> At 09:38 PM 9/1/2009, Andrew John Hughes wr

[security-dev 01269]: 6885204: JSSE should not require Kerberos to be present

2009-10-02 Thread Vincent Ryan
Hello all, I'm proposing a change that enables JSSE to work when Kerberos is not present at runtime: http://cr.openjdk.java.net/~vinnie/6885204/webrev.00/webrev/ Please comment. Thanks.

[security-dev 01272]: Re: 6885204: JSSE should not require Kerberos to be present

2009-10-05 Thread Vincent Ryan
There's a new webrev available at: http://cr.openjdk.java.net/~vinnie/6885204/webrev.01/webrev/ Brad Wetmore wrote: > > Vincent Ryan wrote: >> I'm proposing a change that enables JSSE to work when Kerberos is not >> present >> at runtime: >> >>

[security-dev 01273]: hg: jdk7/tl/jdk: 6885204: JSSE should not require Kerberos to be present

2009-10-05 Thread vincent . ryan
Changeset: 54118c8e0ebe Author:vinnie Date: 2009-10-05 23:42 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/54118c8e0ebe 6885204: JSSE should not require Kerberos to be present Reviewed-by: wetmore, alanb ! src/share/classes/com/sun/net/ssl/internal/www/protocol/https/Deleg

[security-dev 01280]: Re: ECC pkcs#11 bug]

2009-10-06 Thread Vincent Ryan
o getting this fixed would be quite welcome, it's a small fix. I've >>>>> tested it on SafeNet HSMs myself right now. >>>>> >>>>> >>>>> Kind regards, >>>>> Tomas Gustavsson >>>>> PrimeKey Solu

[security-dev 01357]: 6894643: Separate out dependency on Kerberos

2009-11-02 Thread Vincent Ryan
Hello all, I'm proposing a further change that enables JSSE to work when Kerberos is not present at runtime: http://cr.openjdk.java.net/~vinnie/6894643/webrev.00/ (This continues the removal of static dependencies begun in CR 6885204.) Please comment. Thanks.

[security-dev 01359]: Re: 6894643: Separate out dependency on Kerberos

2009-11-02 Thread Vincent Ryan
Alan Bateman wrote: Vincent Ryan wrote: Hello all, I'm proposing a further change that enables JSSE to work when Kerberos is not present at runtime: http://cr.openjdk.java.net/~vinnie/6894643/webrev.00/ (This continues the removal of static dependencies begun in CR 6885204.) P

[security-dev 01360]: Re: 6894643: Separate out dependency on Kerberos

2009-11-03 Thread Vincent Ryan
There's an updated webrev at: http://cr.openjdk.java.net/~vinnie/6894643/webrev.01/ The reflection code in KerberosClientKeyExchange has been reworked to avoid an object initializer problem. Vincent Ryan wrote: > Hello all, > > I'm proposing a further change that enable

[security-dev 01383]: hg: jdk7/tl/jdk: 2 new changesets

2009-11-12 Thread vincent . ryan
Changeset: 7475a2e71c40 Author:vinnie Date: 2009-11-12 23:00 + URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7475a2e71c40 6894643: Separate out dependency on Kerberos Reviewed-by: alanb, xuelei ! make/sun/security/other/Makefile ! src/share/classes/com/sun/jndi/ldap/ext/Start

[security-dev 01396]: Ending support for Java 1.1 policy files

2009-11-20 Thread Vincent Ryan
Hello all, More than 11 years ago we introduced a new format for Java policy files in Java 1.2. We deprecated but retained support for the old Java 1.1 format. I'd like to propose that we now remove support for that legacy format. This would allow us to eliminate several hard-coded dependencies o

[security-dev 01422]: hg: jdk7/tl/jdk: 2 new changesets

2009-12-02 Thread vincent . ryan
Changeset: 561186928899 Author:vinnie Date: 2009-12-02 17:06 + URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/561186928899 6906510: Fix testcase for 6894643: Separate out dependency on Kerberos Reviewed-by: weijun ! test/sun/security/krb5/auto/SSL.java Changeset: 79d91585d7d7

[security-dev 01425]: hg: jdk7/tl/jdk: 6906854: SSL/Krb5 testcase should not use a fixed port number

2009-12-03 Thread vincent . ryan
Changeset: bc12627832e0 Author:vinnie Date: 2009-12-03 21:30 + URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bc12627832e0 6906854: SSL/Krb5 testcase should not use a fixed port number Reviewed-by: alanb ! test/ProblemList.txt ! test/sun/security/krb5/auto/SSL.java

[security-dev 01438]: Re: Ending support for Java 1.1 policy files

2009-12-07 Thread Vincent Ryan
The webrev for this change is available at: http://cr.openjdk.java.net/~vinnie/6876158/webrev.00/ It removes dependencies on several long deprecated classes. A later changeset will follow this to remove Identity Database options from the jarsigner and keytool command-line utilities. Vincent

[security-dev 01439]: hg: jdk7/tl/jdk: 6876158: Remove dependencies on Signer, Certificate, Identity, IdentityScope classes from java.security pkg

2009-12-07 Thread vincent . ryan
Changeset: 327adb1c2224 Author:vinnie Date: 2009-12-07 17:06 + URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/327adb1c2224 6876158: Remove dependencies on Signer, Certificate, Identity, IdentityScope classes from java.security pkg Reviewed-by: alanb, mullan ! src/share/classe

[security-dev 01445]: Re: hg: jdk7/tl/jdk: 6876158: Remove dependencies on Signer, Certificate, Identity, IdentityScope classes from java.security pkg

2009-12-08 Thread Vincent Ryan
These issues (and removal of selected jarsigner * keytool options) will be addressed in a separate fix because it will require CCC approval. Max (Weijun) Wang wrote: > Seems there are more to clean: > > PolicyFile's ignoreIdentityScope() now default false, it should simply > be always false and

[security-dev 01547]: Re: PING: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

2010-01-21 Thread Vincent Ryan
Linux distributions. >> >>> Regards, >>> Tomas Gustavsson >>> PrimeKey Solutions AB >>> >>> >>> On Wed, 20 Jan 2010, Michael StJohns wrote: >>> >>>> Hi - this seems to have stalled out again. Any chance of reviva

[security-dev 01552]: hg: jdk7/tl/jdk: 2 new changesets

2010-01-21 Thread vincent . ryan
Changeset: 117b245b5bb9 Author:vinnie Date: 2010-01-21 23:59 + URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/117b245b5bb9 6763530: Cannot decode PublicKey (Provider SunPKCS11, curve prime256v1) Reviewed-by: andrew ! src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java !

[security-dev 01554]: Re: PING: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

2010-01-22 Thread Vincent Ryan
On 22/01/2010 01:38, Andrew John Hughes wrote: > 2010/1/21 Vincent Ryan : >> I hear ya. Sorry for the delay on this. I'll push the fix for OpenJDK today. >> > > Thanks! Would this be suitable for OpenJDK6 as well? CCing the > jdk6-dev list on that. Yes. T

[security-dev 01653]: Re: Ending support for Java 1.1 policy files

2010-03-01 Thread Vincent Ryan
Please review this minor change to eliminate a reference to the sun.security.provider.IdentityDatabase class in the java.security configuration file. That class was removed as part of our modularization effort. http://cr.openjdk.java.net/~vinnie/6921001/webrev.00/ Thanks.

[security-dev 01655]: hg: jdk7/tl/jdk: 2 new changesets

2010-03-01 Thread vincent . ryan
Changeset: 78d91c4223cb Author:vinnie Date: 2010-03-01 17:54 + URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/78d91c4223cb 6921001: api/java_security/IdentityScope/IdentityScopeTests.html#getSystemScope fails starting from b78 JDK7 Reviewed-by: mullan ! src/share/classes/java

[security-dev 01660]: Re: Code review request: 6923681: Jarsigner crashes during timestamping

2010-03-02 Thread Vincent Ryan
1/webrev.00 > > Bug is: > >http://bugs.sun.com/view_bug.do?bug_id=6923681 > > No reg test. Trivial code update. > > Why hasn't Findbugs noticed it? > > Thanks > Max > > On Feb 9, 2010, at 5:32 PM, Vincent Ryan wrote: > >> This is an interest

Re: code review request: 6911951: NTLM should be a supported Java SASL mechanism

2010-08-25 Thread Vincent Ryan
The SASL component looks good Max. Michael/Chris: have you any comments on the NTLM changes? On 25/08/2010 06:23, Weijun Wang wrote: > Ping again. > > The webrev is updated: >http://cr.openjdk.java.net/~weijun/6911951/webrev.01/ > > The CCC is about to be finalized: >http://ccc.sfbay.

Re: code review request: 8010125: keytool -importkeystore could create a pkcs12 keystore with different storepass and keypass

2013-03-28 Thread Vincent Ryan
Hello Max, That fix looks fine. Thanks. On 26 Mar 2013, at 23:29, Weijun Wang wrote: > http://cr.openjdk.java.net/~weijun/8010125/webrev.00/ > > Thanks > Max

Re: code review request: 7171982 Cipher getParameters() throws RuntimeException: Cannot find SunJCE provider

2013-03-28 Thread Vincent Ryan
Hello Tony, Your changes look fine. Thanks. On 22 Mar 2013, at 18:57, Anthony Scarpino wrote: > Hi all, > > I need a code review for below webrev. The changes are to have SunJCE call > itself, using its current instance, for checking such things as parameters, > instead of searching throug

Re: code review request: 7171982 Cipher getParameters() throws RuntimeException: Cannot find SunJCE provider

2013-03-29 Thread Vincent Ryan
I overlooked that potential race condition when creating the SunJCE singleton. Both proposed solutions risk the construction of superfluous SunJCE objects. Wouldn't it be better to use the Enum idiom to ensure that multiple SunJCE objects are not constructed? On 29 Mar 2013, at 01:00, Anthony

Re: Code review request: 8011867 and 8011745, pkcs data types

2013-04-10 Thread Vincent Ryan
Both fixes look good. On 10 Apr 2013, at 15:06, Weijun Wang wrote: > 8011745: Unknown CertificateChoices > > http://cr.openjdk.java.net/~weijun/8011745/webrev.00/ > > 8011867: Accept unknown PKCS #9 attributes > > http://cr.openjdk.java.net/~weijun/8011867/webrev.00/ > > Thanks > Max

Re: [8] Code Review Request for 8011313: OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined

2013-04-25 Thread Vincent Ryan
Your fix looks fine. Thanks. On 25 Apr 2013, at 16:00, Sean Mullan wrote: > Hi Vinnie, > > Could I get a code review for the fix for 8011313: > > http://cr.openjdk.java.net/~mullan/webrevs/8011313/webrev.00/ > > The bug has been tagged with noreg-sqe since there is an existing SQE test > for

Re: [8] Code Review Request for 8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout

2013-04-25 Thread Vincent Ryan
That fix looks good to me. Thanks. On 25/04/2013 19:47, Sean Mullan wrote: This fix adds support for 2 new system properties to allow users to adjust the maximum allowable clock skew when validating OCSP responses, and a maximum connection timeout for downloading CRLs. webrev: http://cr.openjd

[8] code review request 4634141: PBE Cipher should have the ability to use params from PBE Key

2013-04-26 Thread Vincent Ryan
Please review the following fix for: 4634141: PBE Cipher should have the ability to use params from PBE Key http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4634141 Webrev: http://cr.openjdk.java.net/~vinnie/4634141/webrev.00/ This problem is that the parameters required by PBE-style ciphers

Re: Code review request: 8012082: SASL auth-conf negotiated, but unencrypted data is accepted, reset to unencrypt

2013-05-01 Thread Vincent Ryan
Your fix looks good Max. On 1 May 2013, at 11:31, Weijun Wang wrote: > Ping again. > > On 4/19/13 8:56 AM, Weijun Wang wrote: >> Resubmitted at http://cr.openjdk.java.net/~weijun/8012082/webrev.01/. >> >> Now, when unwrap is called, it does *not* check if the message received >> matches the QoP

Re: Code Review Request for 8013069: javax.crypto tests fail with new PBE algorithm names

2013-05-08 Thread Vincent Ryan
Your fix looks good. Just a minor comment: should 'ic' be expanded to 'iteration count' in the exception message in HmacPKCS12PBESHA1.java and PBMAC1Core.java? On 8 May 2013, at 02:08, Valerie (Yu-Ching) Peng wrote: > Vinnie, > > Could you please help reviewing the fixes for 8013069 "javax.cr

[8] 7174966: With OCSP enabled on Java 7 get error 'Wrong key usage' with Comodo certificate

2013-05-28 Thread Vincent Ryan
Please review the fix for: http://bugs.sun.com/view_bug.do?bug_id=7174966 The problem occurs when validating the signature of an OCSP response from the Comodo CA. The Signature class tests for the presence of the digitalSignature keyUsage setting when examining a signer's certificate. One soluti

Re: [8] 7174966: With OCSP enabled on Java 7 get error 'Wrong key usage' with Comodo certificate

2013-05-29 Thread Vincent Ryan
t check is acceptable. On 29 May 2013, at 13:42, Xuelei Fan wrote: > What's the key usage of the OCSP responder? I think it is more like a > problem of Comodo CA. This fix may loosen the checking of the validity > of the OCSP responder's certificate. > > Xuelei >

Re: [8] 7174966: With OCSP enabled on Java 7 get error 'Wrong key usage' with Comodo certificate

2013-05-29 Thread Vincent Ryan
ow, it is fine to me. > > Thanks, > Xuelei > > On 5/29/2013 8:59 PM, Vincent Ryan wrote: >> The Comodo cert has the 'keyCertSign' and 'cRLSign' keyUsage bits set. >> That's unusual but permitted by RFC 5280. >> >> I could have change

Re: [8] 7174966: With OCSP enabled on Java 7 get error 'Wrong key usage' with Comodo certificate

2013-05-29 Thread Vincent Ryan
ess on this. > -- > Sent from my mobile device. > > Xuelei Fan wrote: > >> What's the key usage of the OCSP responder? I think it is more like a >> problem of Comodo CA. This fix may loosen the checking of the validity >> of the OCSP responder's certificate. &

Re: javax.security.auth.Destroyable

2013-06-14 Thread Vincent Ryan
Thanks Mike. Both those classes were extended, as you suggest, for JDK 8: http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/8ee6d45348ba A separate effort is also underway to enhance the classes that implement SecretKey and PrivateKey. Applications may first check whether a key class is an instance

[8] code review request for 7165807: Non optimized initialization of NSS crypto library leads to scalability issues

2013-06-14 Thread Vincent Ryan
Please review the following fix: http://cr.openjdk.java.net/~vinnie/7165807/webrev.00/ http://bugs.sun.com/view_bug.do?bug_id=7165807 NSS may be initialized to favour performance or to favour memory footprint. This fix introduces a new configuration flag to allow Java applications to choose. By

Re: javax.security.auth.Destroyable

2013-06-14 Thread Vincent Ryan
implementation classes will be able to take advantage of this. > > In any event - thanks! > > Mike > > > > > > At 01:17 PM 6/14/2013, Vincent Ryan wrote: >> Thanks Mike. Both those classes were extended, as you suggest, for JDK 8: >> http://hg.ope

Re: [8] code review request for 7165807: Non optimized initialization of NSS crypto library leads to scalability issues

2013-06-19 Thread Vincent Ryan
, Jun 14, 2013 at 06:38:16PM +0100, Vincent Ryan wrote: >> NSS may be initialized to favour performance or to favour memory footprint. >> This fix introduces a new configuration flag to allow Java applications to >> choose. By default, NSS will be initialized for performance. >

Re: [8] code review request for 7165807: Non optimized initialization of NSS crypto library leads to scalability issues

2013-06-19 Thread Vincent Ryan
I've made some corrections to the native method that initializes NSS. The new webrev is at: http://cr.openjdk.java.net/~vinnie/7165807/webrev.01 On 14 Jun 2013, at 18:38, Vincent Ryan wrote: > Please review the following fix: > > http://cr.openjdk.java.net/~vinnie/7165807/web

Re: [8] code review request for 7165807: Non optimized initialization of NSS crypto library leads to scalability issues

2013-06-19 Thread Vincent Ryan
e "Use" part seems a bit > odd in the property name. > > 2. Add the appropriate noreg label to the bug. > > 3. File a followup doc bug to document the attribute in the PKCS11 guide. > > --Sean > > On 06/19/2013 08:49 AM, Vincent Ryan wrote: >> I

Re: Code review request, JDK-8017157, catch more exception in test RejectClientRenego

2013-06-20 Thread Vincent Ryan
Your change looks fine to me. On 20 Jun 2013, at 10:42, Xuelei Fan wrote: > Hi, > > Please review this test only update: > http://cr.openjdk.java.net/~xuelei/8017157/webrev.00/ > > In test RejectClientRenego.java, we tried to catch SSLHandshakeException > in both client and server. However, the

[7u] code review request: 8014805: NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension

2013-06-21 Thread Vincent Ryan
Please review this fix for 7u: http://cr.openjdk.java.net/~vinnie/8014805/webrev.00/ http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8014805 It corrects the NPE that occurs when verifying an X.509 cert that has an Authority Key ID extension present but it is not in the hash-based format. Thi

Re: [7u] code review request: 8014805: NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension

2013-06-24 Thread Vincent Ryan
Thanks. On 22 Jun 2013, at 01:19, Xuelei Fan wrote: > Looks fine to me. > > Xuelei > > On 6/21/2013 11:46 PM, Vincent Ryan wrote: >> Please review this fix for 7u: >> >> http://cr.openjdk.java.net/~vinnie/8014805/webrev.00/ >> http://bugs.sun.com

Re: [7u] code review request: 8014805: NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension

2013-06-24 Thread Vincent Ryan
Hello all, The fix to handle Authority Key IDs also applies to Subject Key IDs so I've duplicated the changes: http://cr.openjdk.java.net/~vinnie/8014805/webrev.01 Thanks. On 24 Jun 2013, at 12:42, Vincent Ryan wrote: > Thanks. > > On 22 Jun 2013, at 01:19, Xuelei Fan wrot

Re: [7u] code review request: 8014805: NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension

2013-06-24 Thread Vincent Ryan
I've updated the webrev to address your comments: http://cr.openjdk.java.net/~vinnie/8014805/webrev.02/ Thanks. On 24 Jun 2013, at 16:24, Sean Mullan wrote: > On 06/24/2013 10:38 AM, Vincent Ryan wrote: >> Hello all, >> >> The fix to handle Authority Key IDs also

Re: Code review request, 8017049: rename property jdk.tls.rejectClientInitializedRenego

2013-06-26 Thread Vincent Ryan
Your fix looks good. On 26 Jun 2013, at 04:45, Xuelei Fan wrote: > Hi, > > webrev: http://cr.openjdk.java.net/~xuelei/8017049/webrev.00/ > > In update of 7188658 > (http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a76858faad59), we define a > new system property, "jdk.tls.rejectClientInitializedRene

Re: [8] code review request for 7165807: Non optimized initialization of NSS crypto library leads to scalability issues

2013-06-26 Thread Vincent Ryan
igDir to this call? To be consistent with the NSS native code: it passes an empty string. > > Lastly, is the "NSS_Initialize(...)" method always available for the > supported NSS library versions, i.e. 3.7+? Is this a newer method meant to > replace "NSS_Init(...)&qu

[8] code review request: 8019259: Failover to CRL checking does not happen if wrong OCSP responder URL is set

2013-06-28 Thread Vincent Ryan
Hello, Please review the following JDK 8 fix: Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8019259 Webrev: http://cr.openjdk.java.net/~vinnie/8019259/webrev.00/ It corrects a problem during X.509 certificate revocation checking where failover to using CRLs is not performed in the ca

Re: [8] code review request: 8019259: Failover to CRL checking does not happen if wrong OCSP responder URL is set

2013-07-01 Thread Vincent Ryan
to learn that RuntimeException should be taken care of > sometimes. > > Thanks, > Xuelei > > On 6/29/2013 2:41 AM, Vincent Ryan wrote: >> Hello, >> >> Please review the following JDK 8 fix: >> >> Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_

Re: [8] code review request: 8019259: Failover to CRL checking does not happen if wrong OCSP responder URL is set

2013-07-02 Thread Vincent Ryan
OK. Thanks. On 2 Jul 2013, at 00:02, Xuelei Fan wrote: > On 7/1/2013 8:56 PM, Vincent Ryan wrote: >> I think that wrapping a RuntimeException (in CPVE) is acceptable in this case >> because the goal is to activate the failover mechanism from OCSP to CRL. >> >> Do you

Re: [8] code review request: 8019259: Failover to CRL checking does not happen if wrong OCSP responder URL is set

2013-07-02 Thread Vincent Ryan
ption gets obscured during OCSP cert revocation checking Webrev: http://cr.openjdk.java.net/~vinnie/8019627/webrev.00/ It simply re-throws RuntimeExceptions. On 2 Jul 2013, at 16:19, Sean Mullan wrote: > On 07/01/2013 07:02 PM, Xuelei Fan wrote: >> On 7/1/2013 8:56 PM, Vincent Ryan wrot

Re: 7u40 Review Request for 8017173: XMLCipher with RSA_OAEP Key Transport algorithm can't be instantiated

2013-07-09 Thread Vincent Ryan
Your fix looks good. On 8 Jul 2013, at 21:48, Sean Mullan wrote: > Hi Xuelei, > > Can you please review my fix for JDK-8017173? This is a regression introduced > in 7u25. It does not affect JDK 8, because the recent fix for JDK-8011547 to > integrate the Apache Santuario release 1.5.4 also fi

[8] code review for 7084026: sun/security/mscapi/KeytoolChangeAlias.sh fails consistently on win2003

2013-07-16 Thread Vincent Ryan
Please review the following fix that adds cleanup code to a failing testcase: Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7084026 Webrev: http://cr.openjdk.java.net/~vinnie/7084026/webrev.00/ Thanks.

Re: code review request: 8012971 PKCS11Test hiding exception failures

2013-07-18 Thread Vincent Ryan
The first one looks fine. I haven't finished reviewing the second one yet. On 17 Jul 2013, at 21:51, Anthony Scarpino wrote: > I have broken these into two webrev. The first: > > JDK-8012971 PKCS11Test hiding exception failures > http://cr.openjdk.java.net/~ascarpino/8012971/webrev.01/ > > ha

[7u] 8020940: Valid OCSP responses are rejected for backdated enquiries

2013-07-19 Thread Vincent Ryan
Please review the following change to correct the handling of backdated OCSP requests: Bug: http://bugs.sun.com/view_bug.do?bug_id=8020940 [not yet visible] Webrev: http://cr.openjdk.java.net/~vinnie/8020940/webrev.00 It modifies the OCSP client to verify the validity interval for an OCSP resp

Re: [8] Code Review Request: 8010748: Add PKIXRevocationChecker NO_FALLBACK option and improve SOFT_FAIL option

2013-07-19 Thread Vincent Ryan
Your changes look good. Thanks. On 16 Jul 2013, at 20:11, Sean Mullan wrote: > Please review my JDK 8 fix for 8010748: > > http://bugs.sun.com/view_bug.do?bug_id=8010748 > > This adds a few useful API additions to JEP 124 (Enhance the Certificate > Revocation-Checking API) from experience with

Re: [7u] 8020940: Valid OCSP responses are rejected for backdated enquiries

2013-07-22 Thread Vincent Ryan
argument for method SingleResponse constructor becomes obsolete and not used at all. Should it be removed from the method signature, i.e. any reason to keep this? Thanks, Valerie On 07/19/13 09:39, Vincent Ryan wrote: Please review the following change to correct the handling of backdated OCSP requests

Re: Code Review Request:8019544: Need to run ProviderTest.java in othervm mode

2013-07-26 Thread Vincent Ryan
Your fix looks fine. On 25 Jul 2013, at 23:17, Rajan Halade wrote: > Could you please review the small fix for 8019544: > > http://cr.openjdk.java.net/~juh/rajan/8019544/webrev.00/ > > This is a test only fix for test stabilization. > > -- > Rajan Halade, CISSP | Senior Member of Technical St

Re: [8] Request for review: 8001319: Add SecurityPermission "insertProvider" target name

2013-07-26 Thread Vincent Ryan
Your fix looks good. On 26 Jul 2013, at 01:33, Sean Mullan wrote: > On 07/25/2013 05:08 PM, Sean Mullan wrote: >> Hello, >> >> Could you please review my fix for 8001319: >> >> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8012288/webrev.00/ > > Correction above > > webrev: http://cr.ope

Re: Code review request: 8021789: jarsigner parses alias as command line option (depending on locale)

2013-08-01 Thread Vincent Ryan
Your fix looks fine. On 31 Jul 2013, at 08:04, Weijun Wang wrote: > Hi All > > Please review the fix at > > http://cr.openjdk.java.net/~weijun/8021789/webrev.00/ > > The problem is that jarsigner uses Collator::compare to check for command > line options, and if that Collator uses Collator.P

Re: Code review request, 7127524 P11TlsPrfGenerator has anonymous inner class with serialVersionUID

2013-08-01 Thread Vincent Ryan
Your fix looks good. On 1 Aug 2013, at 14:36, Xuelei Fan wrote: > Hi, > > Please review this simple update. > > webrev: http://cr.openjdk.java.net/~xuelei/7127524/webrev.00/ > > The purpose of this fix is to remove the unnecessary serialVersionUID > definition in anonymous class. > > private

[8] code review 8013170: Spec for PBEParameterSpec does not specify behavior when paramSpec is null

2013-08-13 Thread Vincent Ryan
Please review the following clarification to the spec for javax.crypto.spec.PBEParameterSpec to specify that its new 3-arg constructor can also accept null as its final argument: http://cr.openjdk.java.net/~vinnie/8013170/webrev.00/ Thanks.

Re: [8] code review 8013170: Spec for PBEParameterSpec does not specify behavior when paramSpec is null

2013-08-13 Thread Vincent Ryan
Thanks. I've also updated the bug report as you suggest. On 13 Aug 2013, at 14:52, Sean Mullan wrote: > Looks fine. The bug should have a noreg label (probably noreg-jck). > > --Sean > > On 08/13/2013 09:11 AM, Vincent Ryan wrote: >> Please review the following cla

Re: [8] Review Request: 8022897: Add test/com/sun/crypto/provider/Cipher/RSA/TestOAEPPadding.java to ProblemList

2013-08-13 Thread Vincent Ryan
Looks fine to me. On 13 Aug 2013, at 14:41, Sean Mullan wrote: > Could I get a quick code review on this? > > Thanks, > Sean > > $ hg diff ProblemList.txt > diff -r 5b14d702b0b8 test/ProblemList.txt > --- a/test/ProblemList.txt > +++ b/test/ProblemList.txt > @@ -296,6 +296,9 @@ > # 7194428 > s

[8] code review 8023108: Remove ShortRSAKey1024.sh from ProblemList.txt

2013-08-15 Thread Vincent Ryan
Please approve the removal of ShortRSAKey1024.sh from the test exclusion list as it is now passing reliably on Windows platforms. Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8023108 Webrev: http://cr.openjdk.java.net/~vinnie/8023108/webrev.00/ Thanks.

Re: [8] code review 8023108: Remove ShortRSAKey1024.sh from ProblemList.txt

2013-08-15 Thread Vincent Ryan
Thanks Sean. On 15 Aug 2013, at 19:41, Sean Mullan wrote: > Approved. > > --Sean > > On 08/15/2013 12:11 PM, Vincent Ryan wrote: >> >> Please approve the removal of ShortRSAKey1024.sh from the test exclusion list >> as it is now passing reliably on Windows

Re: [8] Request for review: 8016850: JCK javax.security.auth.Policy tests fail when run in Profiles mode

2013-08-19 Thread Vincent Ryan
Your fix looks fine Sean. On 19/08/2013 15:27, Sean Mullan wrote: Ping? Can anyone review this for me? The changes are not as extensive as they look; this is mostly just moving code to a different package. Also, com.sun.security.auth.PolicyParser.java has been removed as sun.security.provider.Po

Re: Code review request - 8022896: test/com/sun/crypto/provider/Cipher/RSA/TestOAEPPadding.java fails

2013-08-19 Thread Vincent Ryan
Your change looks fine. On 19/08/2013 19:52, Anthony Scarpino wrote: Hi, I need a very simple review on enabling a test http://cr.openjdk.java.net/~ascarpino/8022896/webrev.00/ thanks Tony

Re: [8] Request for review: 8019830: Add com.sun.media.sound to the list of restricted packages

2013-08-27 Thread Vincent Ryan
Those changes look fine to me. On 27 Aug 2013, at 14:34, Sean Mullan wrote: > Hi, > > Could you please review my fix for 8019830: > > webrev: http://cr.openjdk.java.net/~mullan/webrevs/8019830/webrev.00/ > > The bug is not yet available on bugs.sun.com, so here is the description of > the bu

Re: Code review request: 8009438 sun/security/pkcs11/Secmod tests failing on Ubuntu 12.04

2013-08-30 Thread Vincent Ryan
Your fix looks good Tony. Thanks. On 30 Aug 2013, at 04:09, Anthony Scarpino wrote: > Hi, > > I need a review of the below webrev for 8009438 sun/security/pkcs11/Secmod > tests failing on Ubuntu 12.04 > > http://cr.openjdk.java.net/~ascarpino/8009438/ > > No additional tests are needed as thi

Re: Code Review Request: 8004283 SecretKeysBasic.sh failing intermittently

2013-09-05 Thread Vincent Ryan
Your fix looks fine to me. Thanks. On 5 Sep 2013, at 18:51, Anthony Scarpino wrote: > Hi, > > I'd like a code review, really short, for 8004283 > test/sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failing intermittently. > > http://cr.openjdk.java.net/~ascarpino/8004283/webrev.00/ > > thank

Re: [8] Request for review: 8023362: Don't allow soft-fail behavior if OCSP responder returns "unauthorized"

2013-09-06 Thread Vincent Ryan
Looks fine Sean. Thanks. On 6 Sep 2013, at 16:01, Sean Mullan wrote: > Please review this simple fix to treat OCSP Unauthorized responses as an > error when checking revocation status, even when the SOFT_FAIL option is set. > > webrev: http://cr.openjdk.java.net/~mullan/webrevs/8023362/webrev.

[8] Request for review: 8008296: keytool utility doesn't support '-importpassword' command

2013-09-13 Thread Vincent Ryan
Please review the following fix that adds support to the keytool utility for storing arbitrary user passwords in a keystore. For keystores such as PKCS#12 that support a variety of key protection algorithms, the PBE algorithm may also be specified by overloading the existing -keyalg flag. For e

Re: [8] Request for review: 8008296: keytool utility doesn't support '-importpassword' command

2013-10-03 Thread Vincent Ryan
so, the command name is -importpassword but the prompt is "Enter the > passphrase to be stored". Feel a little uncomfortable. > > Thanks > Max > > > On 9/14/13 2:25 AM, Vincent Ryan wrote: >> >> Please review the following fix that adds support to th

Re: [8] Request for review: 8008296: keytool utility doesn't support '-importpassword' command

2013-10-03 Thread Vincent Ryan
Sorry. I've just refreshed it now: http://cr.openjdk.java.net/~vinnie/8008296/webrev.00 On 3 Oct 2013, at 15:08, Weijun Wang wrote: > I don't have other issues. Have you updated the webrev? I see no change. > > --Max > > On 10/3/13 9:57 PM, Vincent Ryan wrote:

Re: [8] Request for review: 8008296: keytool utility doesn't support '-importpassword' command

2013-10-04 Thread Vincent Ryan
Thanks Max. On 4 Oct 2013, at 04:05, Weijun Wang wrote: > This looks fine. > > Thanks > Max > > On 10/3/13 11:26 PM, Vincent Ryan wrote: >> Sorry. I've just refreshed it now: >> http://cr.openjdk.java.net/~vinnie/8008296/webrev.00 >> >>

Re: Code Review Request for 8025967 "addition of -Werror broke the old build"

2013-10-05 Thread Vincent Ryan
Your changes look fine. On 04/10/2013 23:24, Valerie (Yu-Ching) Peng wrote: Well, can someone please review the following trivial fix today or early Monday? 8025967: addition of -Werror broke the old build JCE is still using the legacy build and as a result, I have to fix build warnings in oth

Re: 8008662: Add @jdk.Exported to JDK-specific/exported APIs

2013-10-07 Thread Vincent Ryan
The JAAS and JGSS changes look fine too. On 7 Oct 2013, at 09:23, Chris Hegarty wrote: > Alan, > > I checked the httpserver and sctp changes. All look good to me. > > -Chris. > > On 10/06/2013 09:03 PM, Alan Bateman wrote: >> >> As a follow-up to Joe Darcy's rename of jdk.Supported to jdk.Exp

Re: Creating an EC Public Key using Named Curves

2013-10-08 Thread Vincent Ryan
Currently, there is no public API for named curves. However you can generate named curves using the SunEC provider and the ECParameterSpec class. For example, AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC", "SunEC"); parameters.init(new ECGenParameterSpec(

Re: Creating an EC Public Key using Named Curves

2013-10-08 Thread Vincent Ryan
s rather than part of the JDK side > implementation. True. The database of curve parameters is part of the SunEC provider. > > I'm wondering if perhaps it's time to change the above and move the curve > database over to the JDK side? > > Mike > > > > >

[8] 8008171: Refactor KeyStore.DomainLoadStoreParameter as a standalone class

2013-10-08 Thread Vincent Ryan
Please review the following change - it's a simple re-factoring to promote a nested class to a stand-alone class: Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8008171 Webrev: http://cr.openjdk.java.net/~vinnie/8008171/webrev.00/ Thanks.

Re: [8] 8008171: Refactor KeyStore.DomainLoadStoreParameter as a standalone class

2013-10-09 Thread Vincent Ryan
Thanks. On 8 Oct 2013, at 19:33, Sean Mullan wrote: > Looks good to me. > > --Sean > > On 10/08/2013 02:14 PM, Vincent Ryan wrote: >> Please review the following change - it's a simple re-factoring to promote a >> nested class to a stand-alone class:

Re: [8] 8008171: Refactor KeyStore.DomainLoadStoreParameter as a standalone class

2013-10-09 Thread Vincent Ryan
nged it to use OpenJDK in future. > > On 10/9/13 2:14 AM, Vincent Ryan wrote: >> Please review the following change - it's a simple re-factoring to promote a >> nested class to a stand-alone class: >> >> Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bu

Re: Code review request: 8026235: keytool NSS test should use 64 bit lib on Solaris

2013-10-09 Thread Vincent Ryan
Your changes look fine. Thanks. On 10/10/2013 01:56, Weijun Wang wrote: Hi Vinnie Please take a review at http://cr.openjdk.java.net/~weijun/8026235/webrev.00/ Thanks Max

Re: [8] Request for Review: 8026233: test/sun/security/tools/keytool/StorePasswords.java needs to clean up files

2013-10-10 Thread Vincent Ryan
That fix looks fine Jason. Thanks. On 10 Oct 2013, at 01:57, Jason Uh wrote: > Hi Vinnie, > > Could you please review this fix? The test > sun/security/tools/keytool/StorePasswords.java can terminate with an error on > Windows because of files not getting cleaned up, so this fix deletes the >

[8] 8026301: DomainKeyStore doesn't cleanup correctly when storing to keystore

2013-10-11 Thread Vincent Ryan
Please review this fix to close output stream in DomainKeyStore: Bug: https://bugs.openjdk.java.net/browse/JDK-8026301 Webrev: http://cr.openjdk.java.net/~vinnie/8026301/webrev.00/ Thanks.

Re: [8] 8026301: DomainKeyStore doesn't cleanup correctly when storing to keystore

2013-10-11 Thread Vincent Ryan
Thanks. On 11 Oct 2013, at 20:10, Sean Mullan wrote: > Looks good, just add a noreg-trivial tag to the bug. > > --Sean > > On 10/11/2013 02:41 PM, Vincent Ryan wrote: >> >> Please review this fix to close output stream in DomainKeyStore: >> >> Bug: h

Re: RFR 8026712, TEST_BUG: update sun/security/tools/keytool/autotest.sh with a new location to find of libsoftokn3.so

2013-10-17 Thread Vincent Ryan
That looks fine (except that l.82 got dropped from the original). Since Embedded Linux versions install the NSS libs in different directories we may have to add new paths in future. On 17 Oct 2013, at 12:03, Weijun Wang wrote: > Hi Vinnie > > Please take a review at this fix > > http://cr.o

Re: [8] Review Request for 8026346: test/java/lang/SecurityManager/CheckPackageAccess.java failing

2013-10-17 Thread Vincent Ryan
Those changes look fine. Thanks. On 16 Oct 2013, at 16:12, Sean Mullan wrote: > This test was failing due to an invalid assumption that the JDK source tree > would be available when testing. The test has been changed to not assume > that. Also, a minor fix was made to the order of the restricte
