Hi Mandy
Sorry for late comment. My email client on Nokia E71 keeps crashing. (Hope
it's good this time).
I'm quite sure there are people out there calling KeyTool the same way.
Also, I feel a little weird that one tool is treated diffrently from
others.
Is it possible to leave all current
The parseStringValue method is definitively better. It is also consistent with
other fields.
But I'm not sure what parseLine means. So if we are going to add any special
characters to the description field, do we need to escape anything? What if we
add quotation marks there?
I'm not near a com
在 May 24, 2013,5:14,"Valerie (Yu-Ching) Peng" 写道:
> On 05/12/13 22:39, Weijun Wang wrote:
>> Hi Valerie
>>
>> Please take a look at
>>
>> http://cr.openjdk.java.net/~weijun/8014196/webrev.01/
>>
>> KeyTab.getInstance() used to return null if the keytab file does not exists,
>> but since w
在 Jun 13, 2013,4:14 AM,"Valerie (Yu-Ching) Peng" 写道:
>
> Changes look fine.
> Just curious, what's the reason for the changes in KeyTab.java?
There was an EType.getDefaults() call there and it is useless. If kept, will
need to check exception.
-Max
> Valerie
>
> On 06/07/13 00:31, Weijun
> I will also apply the same change to P11DHPrivateKey/P11DHPublicKey then.
> Equality check using ASN.1 encoding is fine for non-DH algorithms but not for
> DH.
I cannot read the source codes now, but is it possible to implement the equals
method right in the base interface using the JDK 8 de
Send again. And BTW, JPRT runs fine.
在 Jun 23, 2013,6:29 PM,Weijun Wang 写道:
> The macosx problem found, the machine's native GSS does not support shared
> replaycache.
>
> *Valerie* and/or *Xuelei*, can you please review the fix?
>
> http://cr.openjdk.java.net/~weijun/8017453/webrev.00/
>
ybe it's better to
>>> delay the adoption to a later release since it's easier for sustaining
>>> to just grab current changes and apply to earlier releases.
>>> Thanks for the review & please let me know if you have additional comments,
>>> Valerie
Hi Elliott
Great to see this again. I’ll come back to this later. There are some urgent
issues I have to deal with at this moment. I’ll also need to get those legal
advices regarding pkg.m4 etc.
Thanks
Max
On Jan 15, 2014, at 7:01, Elliott Baron wrote:
> Hi Max,
>
> I have finally been able
Hi All
Please take a look at the webrev at
http://cr.openjdk.java.net/~weijun/8031572/8/webrev.00/
JarVerifier has a flag that separates parsing signatures and verifying other
entries. The fix makes sure only signature-related files are processed in the
beginning so JarVerifier does not ent
Jan 22, 2014, at 15:01, Wang Weijun wrote:
> Hi All
>
> Please take a look at the webrev at
>
> http://cr.openjdk.java.net/~weijun/8031572/8/webrev.00/
>
> JarVerifier has a flag that separates parsing signatures and verifying other
> entries. The fix makes sure only
: names) {
+JarEntry e = getJarEntry(name);
if (e == null) {
throw new JarException("corrupted jar file");
}
so all names[i] become name.
Thanks
Max
> --Sean
>
> On 01/22/2014 02:01 AM, Wang Weiju
Please review the fix at
http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
The supported boolean values in this fix cover what MIT krb5 does and we also
added 'f'.
The old getBooleanValue() method returns true for “true” and false otherwise
but the new method returns null if the value is
is there is a
NumberFormatException).
--Max
On Jan 29, 2014, at 5:46, Sean Mullan wrote:
> On 01/28/2014 03:53 AM, Wang Weijun wrote:
>> Please review the fix at
>>
>> http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
>>
>> The supported boolean values in
Hi All
I didn't attend the parfait day last week, but a new one is coming. Please
review my fix at
http://cr.openjdk.java.net/~weijun/8034033/webrev.00/
Thanks
Max
Hi All
The bug is at https://bugs.openjdk.java.net/browse/JDK-8034762.
Basically there is nothing to review. I just move 10 files to a different
directory and not a single bit of their contents was changed. They are
test/sun/security/krb5/ConfPlusProp.java
test/sun/security/krb5/ConfigW
references to the exception object.
I see. So ExceptionCheck is just a return-void version of ExceptionOccurred.
I'll create another webrev.
Thanks
Max
>
> Thanks,
> Valerie
>
> On 02/11/14 04:27, Wang Weijun wrote:
>> Hi All
>>
>> I didn'
Updated webrev at
http://cr.openjdk.java.net/~weijun/8034033/webrev.01/
Thanks
Max
On Feb 13, 2014, at 8:56, Wang Weijun wrote:
>
> On Feb 13, 2014, at 8:48, Valerie (Yu-Ching) Peng
> wrote:
>
>> Max,
>>
>> Changes look fine.
>> However, I noticed s
Code change looks good.
Do you really want to use "Copyright (c) 2000, 2014" for the new file?
Thanks
Max
On Feb 14, 2014, at 20:06, Alan Bateman wrote:
>
> As part of preparing the JDK for modules we need to look at the dependencies
> between Kerberos and JAAS as they are logically separate
Unless you put a comment saying this file is a direct copy of another file, the
starting year does not make sense. Of course people really curious about it can
track to this changeset and see its origin.
--Max
On Feb 14, 2014, at 21:56, Alan Bateman wrote:
> On 14/02/2014 13:55, Wang Wei
Hi Valerie
Since this is a while loop, it seems for each BuildXXX function, just returning
NULL when an exception is thrown is not enough, because it's not returning to
Java but still inside the native code so another JNI call might run. Do you
think it's OK to add a ExceptionClear call after t
n Feb 15, 2014, at 9:14, Wang Weijun wrote:
> Hi Valerie
>
> Since this is a while loop, it seems for each BuildXXX function, just
> returning NULL when an exception is thrown is not enough, because it's not
> returning to Java but still inside the native code so another JNI
Ping again.
On Feb 15, 2014, at 16:18, Wang Weijun wrote:
> Webrev updated again at
>
> http://cr.openjdk.java.net/~weijun/8034033/webrev.02/
>
> I add more checks to make sure it's a good initial TGT, and exit the loop
> when there is either an exception or the TGT
Is there a proposal to extract them into a single include file?
Thanks
Max
A somehow related question: is there a proposal to specify a security property
on the command line?
Thanks
Max
On Feb 24, 2014, at 1:44, Sean Mullan wrote:
> On 02/21/2014 01:17 AM, Wang Weijun wrote:
>> Is there a proposal to extract them into a single include file?
>
> No so
Please review the code change at
http://cr.openjdk.java.net/~weijun/7176574/7u/webrev.00/
This is a backport of 3 jdk8 fixes on sun/security/krb5/auto/TcpTimeout.java
7176574: sun/security/krb5/auto/TcpTimeout.java failed with solaris-i586
http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4435
Hi Artem
Indefinite length is not allowed in DER so we never generate it. However, we do
support reading it. I guess there must be a reason. Maybe
1. We don't have separate BerXXX classes, so basically we read both DER and BER
with the same codes.
2. Most protocols require DER encoding, but ma
Oh, I might have mis-read your webrev. I take back my words below. Will read it
again.
Thanks
Max
On Feb 26, 2014, at 16:09, Wang Weijun wrote:
>
> Anyway, I think it's better to be tolerant, especially we have supported it
> ever since.
>
> Thanks
> Max
>
>
Hi Artem
The code change looks fine. It seems all your s/getLength/getDefiniteLength/
substitutions are those that only works with a definite length.
However, I do find the indefinite length support not satisfying. Just not sure
if it's worth fixing. For example:
1. No idea why DerImputStream:
Ping again.
On Feb 25, 2014, at 20:44, Wang Weijun wrote:
> Please review the code change at
>
> http://cr.openjdk.java.net/~weijun/7176574/7u/webrev.00/
>
> This is a backport of 3 jdk8 fixes on sun/security/krb5/auto/TcpTimeout.java
>
> 7176574: sun/security/krb5
Please review the fix for
https://bugs.openjdk.java.net/browse/JDK-8036104
Basically, the PAData.java test has the same name as the internal PAData.java
source file. IntelliJ IDEA always shows me the code completion hints I do not
want. And when I manually code the correct method, it shows a
Thanks. That is so fast.
--Max
On Mar 3, 2014, at 10:48, Xuelei Fan wrote:
> Fine.
>
> Xuelei
>
> On 3/3/2014 10:43 AM, Wang Weijun wrote:
As Brad mentioned in the comment, do you need to update the test/TEST.groups
file?
Although not friendly to read, you do have a webrev somewhere?
Thanks
Max
anged, but we know there are at least path to store changes.
--Max
On Mar 3, 2014, at 19:46, Xuelei Fan wrote:
> webrev: http://cr.openjdk.java.net/~xuelei/8032473/webrev.00/
>
> On 3/3/2014 1:54 PM, Wang Weijun wrote:
>> As Brad mentioned in the comment, do you need to update
date.export
>
> "hg import" should work. From the changeset, we can see the content
> changes in renames files.
>
> Xuelei
>
> On 3/3/2014 9:38 PM, Wang Weijun wrote:
>> Hi Xuelei
>>
>> Yes it's quite difficult to read the actual webrev so ins
Change looks fine. That was an awkward name.
--Max
On Mar 5, 2014, at 21:06, Xuelei Fan wrote:
> Hi,
>
> Please review this simple test fix:
>
>http://cr.openjdk.java.net/~xuelei/8036676/webrev.00/
>
> Updated to use capital letter to start a class name.
>
> Thanks,
> Xuelei
Change looks fine.
*Xuelei*: Remember to run all tests next time. At least a JPRT.
Thanks
Max
On Mar 7, 2014, at 10:25, Jason Uh wrote:
> Please review this fix for 8036844, which updates the path to a keystore used
> in a couple of tests. The path is no longer accurate after the recent chang
Hi All
Please take a review of
http://cr.openjdk.java.net/~weijun/8035963/webrev.00/
I've added a ratio variable to these timeout related tests. The ratio is now
set to 2 (one exception, 3 for BadKdc2). This is mainly an experiment to how if
they can be more stable when running slower. We w
Please review the fix at
http://cr.openjdk.java.net/~weijun/8036971/webrev.00/
bug is
https://bugs.openjdk.java.net/browse/JDK-8036971
Before the enhancement JDK-8029994 is available, a bug fix is needed.
Thanks
Max
Ping again.
--Max
On Mar 7, 2014, at 15:31, Wang Weijun wrote:
> Hi All
>
> Please take a review of
>
> http://cr.openjdk.java.net/~weijun/8035963/webrev.00/
>
> I've added a ratio variable to these timeout related tests. The ratio is now
> set to 2 (one ex
nsider Alan's suggestion?
>
> Xuelei
>
>> On 3/11/2014 5:54 PM, Wang Weijun wrote:
>> Ping again.
>>
>> --Max
>>
>>> On Mar 7, 2014, at 15:31, Wang Weijun wrote:
>>>
>>> Hi All
>>>
>>> Please take a review of
>
Hi All
I have an interface that wraps an integer, like this
interface Wrapper {
int getX();
}
Why cannot I add a default toString method
default String toString() {
return "This is " + getX();
}
The error is
error: default method toString in interface DSAPublicKey overri
" added to make
> sure that it is.
My understanding is that since EOC is used to end an existing indef len
structure, it cannot appear as the 1st tag in the BER. Therefore the 1st
writeTag() always write a non-EOC tag into the 1st byte of output, which is
also the 1st byte of the input, s
Tiny webrev at
http://cr.openjdk.java.net/~weijun/8037262/webrev.00/
Thanks
Max
), the acceptor would need to send back a response, i.e.
an AP-REP.
Thanks
Max
>
> --Sean
>
> On 03/12/2014 10:18 PM, Wang Weijun wrote:
>> Tiny webrev at
>>
>>http://cr.openjdk.java.net/~weijun/8037262/webrev.00/
>>
>> Thanks
>> Max
>>
>
NativeUtil.h:
88: How about puts(s) or printf("%s", s) (in case s includes "%")?
NativeUtil.c:
514-516: not necessary?
539-543: Why not TRACEn here?
639-659: It looks like if cbytes == NULL then the function returns NULL with no
exception throwing and this would break something in GSSLibStub.
What is the problem now? Test fails after 120 seconds of default timeout?
This SO_TIMEOUT could be useful to make sure a test fails early, but I am not
sure if the value is big enough. If the failure is rare, I would choose 30
seconds.
--Max
On Mar 17, 2014, at 16:34, Xuelei Fan wrote:
> Hi,
On Mar 17, 2014, at 17:06, Xuelei Fan wrote:
> On 3/17/2014 4:59 PM, Wang Weijun wrote:
>> What is the problem now? Test fails after 120 seconds of default timeout?
>>
> These test are for shell script tests. The bug reported stated the
> server did not terminated on Win
Looks good now. Thanks.
--Max
On Mar 17, 2014, at 17:17, Xuelei Fan wrote:
> Update to use 30 seconds:
>
> http://cr.openjdk.java.net/~xuelei/8037346/webrev.00/
Hi
Please take a review at
http://cr.openjdk.java.net/~weijun/8038754/webrev.00/
Before JDK-8031003, the debug message inside native JGSS is printed out on the
Java side using
System.out.println(msg);
but after it, it is printed on the C side using
puts(msg);
and no newline will be
On Mar 30, 2014, at 23:27, Wang Weijun wrote:
> Hi
>
> Please take a review at
>
> http://cr.openjdk.java.net/~weijun/8038754/webrev.00/
>
> Before JDK-8031003, the debug message inside native JGSS is printed out on
> the Java side using
>
> System.out.p
Webrev updated at
http://cr.openjdk.java.net/~weijun/8038754/webrev.01/
'printf(s); printf("\n")' is now 'printf(s"\n");'. One less call, and seems an
extra benefit to force /s/ being a real literal. At least it compiles now.
Thanks
Max
On Mar 30, 2
the return value is a Boolean (instead of boolean) and could be null.
Thanks
Max
On Jan 29, 2014, at 5:46, Sean Mullan wrote:
> On 01/28/2014 03:53 AM, Wang Weijun wrote:
>> Please review the fix at
>>
>> http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
>>
>>
Please review the code changes at
http://cr.openjdk.java.net/~weijun/8039853/webrev.00/
If you find it confused, I have mistakenly pushed some code changes in
http://hg.openjdk.java.net/jdk9/dev/jdk/rev/ba6e2fcdfa15
and the current code change is trying to fix/enhance it. Altogether, the ac
me engines require certain
> parameters to be be present on creation, and a newInstance(null) will trigger
> that exception.
>
> HTH,
>
> Brad
>
>
>
> On 4/15/2014 8:01 AM, Sean Mullan wrote:
>> Looks fine to me.
>>
>> --Sean
>>
>>
Hi All
There are two bugs. The first one is:
https://bugs.openjdk.java.net/browse/JDK-8040068
8040068: SolarisSystem should be @Deprecated and @jdk.Exported(false)
of which the code change is simply
--- a/src/share/classes/com/sun/security/auth/module/SolarisSystem.java
+++ b/src/share/cl
Please review these two code changes:
8039358: com.sun.jarsigner.ContentSignerParameters.getTSAPolicyID() should be a
default method
http://cr.openjdk.java.net/~weijun/8039358/webrev.01/
8038837: Add support to jarsigner for specifying timestamp hash algorithm
http://cr.openjdk.java.net/~weijun/
On Apr 19, 2014, at 1:14, Sean Mullan wrote:
>> In fact, when a login module is not found, an exception will be
>> thrown immediately even if it's marked optional. Now that these
>> modules are available on all platforms, this won't happen anymore. If
>> you think this behavior is incorrect, we
On Apr 18, 2014, at 2:22, Sean Mullan wrote:
> * Config.java
>
> - update copyright year
Will add it before the push. I could work on multiple bugs of a single file and
cannot determine which one gets pushed first.
> [202] can you log the IOException?
OK.
Thanks
Max
>>http://cr.openjd
Please review the changes at
http://cr.openjdk.java.net/~weijun/8040321/webrev.00
Most are simple, except that ts.sh needs to call TimeSTampCheck.java which then
calls jarsigner, therefore more hops.
To test the change, I modify my own keytool and jarsigner so that they fails
when a certain
On Apr 24, 2014, at 19:17, Wang Weijun wrote:
> Please review the changes at
>
> http://cr.openjdk.java.net/~weijun/8040321/webrev.00
>
> Most are simple, except that ts.sh needs to call TimeSTampCheck.java which
> then calls jarsigner, therefore more hops.
>
&g
How about this? I will support "s" and "ms" units ("ms" is not defined by other
vendors though). But will still try to be a little smart when there is no unit.
--Max
On May 15, 2014, at 10:09, Xuelei Fan wrote:
> The actual problem is, what if I want to use 121 seconds? It is a
> possible time
Hi All
I am a member of Oracle's Java SE security team, and recently we found a bug
about the inconsistency of the kdc_timeout setting between Java and other
vendors. Java does not support specifying a unit and always treats the value as
milliseconds. While the others support units and when no
Hi All
I am a member of Oracle's Java SE security team, and recently we found a bug
about the inconsistency of the kdc_timeout setting between Java and other
vendors. Java does not support specifying a unit and always treats the value as
milliseconds. While the others support units and when no
, at 9:48 PM, chris...@zoulas.com wrote:
>>
>> On May 18, 10:06am, weijun.w...@oracle.com (Wang Weijun) wrote:
>> -- Subject: Re: RFR 8036779: sun.security.krb5.KdcComm interprets kdc_timeout
>>
>> | How about this? I will support "s" and "ms" unit
Hi All
Please review the code changes at
http://cr.openjdk.java.net/~weijun/8043537/webrev.02/
The fix creates geteuid() in sun.misc.VM so DflCache.java does not depend on
JAAS modules anymore. Alan suggested me to add some similar methods so other
people can use it.
Thanks
Max
Hi All
Please review the code change at
http://cr.openjdk.java.net/~weijun/8036709/webrev.01/
Before this change, jarsigner simply put a cert chain into a CertPath and
validate it. If the CertPath contains a trust anchor inside, the validation
could fail even if it should not. This fix sear
I just treat
them as an unordered set of certs, it seems too tolerant.
--Max
>
> --Sean
>
> On 05/21/2014 08:20 PM, Wang Weijun wrote:
>> Hi All
>>
>> Please review the code change at
>>
>>http://cr.openjdk.java.net/~weijun/8036709/webrev.01/
>&g
Hi Valerie
I am working on breaking JGSS into modules and is now looking at
sun/security/jgss/GSSUtil.java. There is a method
public static Vector
searchSubject(final GSSNameSpi name,
final Oid mech,
final boolean initiate,
rosKey/Ticket).
>
> However, the app can do whatever they want when constructing their own
> Subject objects. Although I am not sure if any such usage exists.
I'll read more code history to see if there is a convention.
Thanks
Max
>
> Valerie
>
> On 05/27/14 03:50, W
New webrev at
http://cr.openjdk.java.net/~weijun/8036779/webrev.01/
The value can take the form of a bare non-negative integer in milliseconds, or
a non-negative integer followed by "s" (no space between) in seconds.
Thanks
Max
On May 19, 2014, at 21:49, Wang Weijun wrote:
&g
Vinnie
The bug report shows sun/security/tools/keytool/autotest.sh also failed. The
test includes
LIBNAME=`find_one \
"/usr/lib/libsoftokn3.so" \
"/usr/lib/i386-linux-gnu/nss/libsoftokn3.so" \
"/usr/lib/nss/libsoftokn3.so"`
Maybe adding a line for /us
;
>> On 29 May 2014, at 14:40, Wang Weijun wrote:
>>
>>> Vinnie
>>>
>>> The bug report shows sun/security/tools/keytool/autotest.sh also failed.
>>> The test includes
>>>
>>> LIBNAME=`find_one \
>>> "/us
unny codes:
void day_of_my_life() {
...
if (hour > 9 && hour < 18)
goto work;
goto work;
time_to_play();
}
Thanks
Max
>
>
> Xuelei
>
> [1]: http://sim.ivi.co/2014/02/love-to-use-braces-even-for-single-line.html
>
>
>
Please review a new test at
http://cr.openjdk.java.net/~weijun/8044755/webrev.00/
It makes sure the CertPath validation check in jarsigner matches the algorithm
constraints check on key sizes.
Thanks
Max
o remove the temporary files (a.jar, ks, etc) after a
> testing.
>
> Xuelei
>
> On 6/4/2014 2:21 PM, Wang Weijun wrote:
>> Please review a new test at
>>
>> http://cr.openjdk.java.net/~weijun/8044755/webrev.00/
>>
>> It makes sure the CertPath va
On Jun 4, 2014, at 16:20, Xuelei Fan wrote:
> FYI, I'd like to remove the temporary files (a.jar, ks, etc) after a
> testing.
Oh, my habit is to always keeping them so that if anything goes wrong there is
a chance to look at what's happening. Also, jtreg takes care of removing or
retaining th
Looks fine. Please remember to add a noreg-cleanup to JBS.
Thanks
Max
On Jun 4, 2014, at 17:38, Xuelei Fan wrote:
> Hi,
>
> Please review this code conversion cleanup update:
>
>http://cr.openjdk.java.net/~xuelei/8044771/webrev.00/
>
> Webrev toolkit ignore space update so the webrev abo
On Jun 4, 2014, at 16:26, Wang Weijun wrote:
> Oh, I was just updating the webrev to
>
> http://cr.openjdk.java.net/~weijun/8044755/webrev.01/
Are you OK with this 2nd version of webrev?
Thanks
Max
>
> As we've just discussed offline, the reason the 2nd jarsigner call
Please review the code changes in
http://cr.openjdk.java.net/~weijun/8023197/webrev.02
This enhancement allows you to put frequently used keytool/jarsigner options
into a property file and use -conf to load it. Like this:
# A Pre-configured options file
keytool.all = -storepass:env PASS -
Please review the fix at
http://cr.openjdk.java.net/~weijun/8044747/webrev.00
which is just a simple
-if [ -e $HOME/.java.policy ]; then
+if [ -f $HOME/.java.policy ]; then
I always forget that Solaris sh does not support test -e.
Thanks
Max
/tools/keytool/Main.java
> 404for (i=0; i < args.length; i++) {
> Break after the found of the target options? Or loop from the end of
> the array?
Same reason as above.
>
> 429 System.out.println("Command line args: " +
> Define a new resource?
Same reason as ab
On Jun 10, 2014, at 14:01, Xuelei Fan wrote:
> On 6/10/2014 12:37 PM, Wang Weijun wrote:
>>
>> On Jun 6, 2014, at 20:22, Xuelei Fan wrote:
>>
>>> src/share/classes/sun/security/tools/KeyStoreUtil.java
>>> ===
Hi Jamil
Sorry I've just read the webrev.
If you always throw an NPE after a collectionNullClean() call, isn't it simpler
to let the method throw the NPE?
Also, Objects.requireNonNull(o, msg) can be used in those "if (o == null)"
cases.
Thanks
Max
On Jun 10, 2014, at 23:32, Sean Mullan wrot
Hi All
Please review the code change at
http://cr.openjdk.java.net/~weijun/8046499/webrev.00/
It simply removes all #ifdef DEBUG blocks. They are not really useful but the
output pollutes the stdout stream. We can use the sun.security.krb5.debug
system property if there are future debug info
Hi All
Please review the code change at
http://cr.openjdk.java.net/~weijun/7150092/webrev.00/
The problem is that in NTLM, the server might prompt for a domain name (in Type
2 message), and the client can also provide one. Before this fix, if the two
are different, the client chooses the one
Why
@@ -968,14 +963,10 @@
readOnly = gf.get("readOnly", false);
Set inputPrincs = (Set)gf.get("principals",
null);
// Rewrap the principals into a SecureSet
-if (inputPrincs == null) {
-throw new NullPointerException
-(Resources
Oh, I made the mistake again, on Solaris "export ENV=var" is not always correct.
Please review the code change at
http://cr.openjdk.java.net/~weijun/8046702/webrev.00/
The fix is as simple as
-START-
diff --git a/test/sun/security/tools/keytool/default_options.sh
b/test/sun/security
On Jun 19, 2014, at 0:17, Sean Mullan wrote:
> Just a few comments on Config.java:
>
> 479 if (dups.contains(file)) {
> 480 throw new IOException("Profile path included more than once");
> 481 } else {
> 482 dups.add(file);
> 483 }
>
> This could
52, Sean Mullan wrote:
> On 06/19/2014 01:39 AM, Wang Weijun wrote:
>>> >570 public Void run() throws Exception {
>>> >
>>> >This can be declared to throw IOException, then you can change lines
>>> >586-591 to:
>>&g
Ping again.
On Jun 12, 2014, at 14:07, Wang Weijun wrote:
> Hi All
>
> Please review the code change at
>
> http://cr.openjdk.java.net/~weijun/7150092/webrev.00/
>
> The problem is that in NTLM, the server might prompt for a domain name (in
> Type 2 message),
Hi All
Please review the code change at
http://cr.openjdk.java.net/~weijun/8014870/webrev.00/
In Kerberos, when trying to request for a ticket, we tried multiple KDC servers
for multiple times. Before this fix, we connect to a server, wait for 30
seconds (the default kdc_timeout). If there
Please review the fix at
http://cr.openjdk.java.net/~weijun/8048073/webrev.00/
Running native krb5 could generate a ccache file like this
Valid starting ExpiresService principal
06/25/14 14:05:06 06/26/14 00:05:06 krbtgt/K1@K1
06/25/14 14:12:35 06/26/14 00:05:06 HTTP
On Jun 25, 2014, at 17:05, Xuelei Fan wrote:
> On 6/25/2014 4:48 PM, Wang Weijun wrote:
>> Please review the fix at
>>
>> http://cr.openjdk.java.net/~weijun/8048073/webrev.00/
>>
> Looks fine to me. It would be nice to add more comment about why you
> wa
Hi Valerie
Please review a fix at
http://cr.openjdk.java.net/~weijun/8048511/webrev.00/
A static code analysis tool is not happy to see the minor variable not
initialized (if none of the ifs in lines 652-658 returns true) and used in the
checkStatus() function. Although we know in that case
Hi All
Please review the fix at
http://cr.openjdk.java.net/~weijun/8047765/webrev.00/
where the generation of blacklisted.certs is moved from developer-manual to
build-auto. I copied the mechanisms from GENDATA_HTML32DTD.
One thing I am not sure about is that if I update the tool a little,
On Jul 2, 2014, at 12:48, David Holmes wrote:
>
> 73 // Output sorted for eye pleasure.
>
> ?? "eye pleasure"
Well, it's easy for a human to locate one from a sorted output. Or maybe it's
because the old one is sorted and I don't want the new one looks ugly.
--Max
Please review the fix at
http://cr.openjdk.java.net/~weijun/8042053/webrev.00/
The Unix-style doc for security tools are in unix/ since JDK 8.
Thanks
Max
On Jul 2, 2014, at 15:02, Alan Bateman wrote:
> On touch the tool then does this happen for other tools too? I assume it
> does, in which case you could submit a build bug to improve this.
Yes, it does. https://bugs.openjdk.java.net/browse/JDK-8049024 filed.
--Max
On Jul 2, 2014, at 20:50, Sean Mullan wrote:
> On 07/02/2014 01:02 AM, Wang Weijun wrote:
>>
>> On Jul 2, 2014, at 12:48, David Holmes wrote:
>>
>>>
>>> 73 // Output sorted for eye pleasure.
>>>
>>> ?? "eye pleasure&q
Hi All
Please review the code change at
http://cr.openjdk.java.net/~weijun/8044085/webrev.00
With this change, all existing (and future) InquireType values for
ExtendedGSSContext.inquireSecContext() are available to the SASL GSSAPI
mechanism as negotiated properties.
Code change is in GssK
1 - 100 of 734 matches
Mail list logo