Hi Paul, thank you for the review! I´ll remove the extra blank line before pushing.
Best regards, Martin Von: Hohensee, Paul <hohen...@amazon.com> Datum: Mittwoch, 12. Mai 2021 um 00:00 An: Doerr, Martin <martin.do...@sap.com>, jdk-updates-...@openjdk.java.net <jdk-updates-...@openjdk.java.net>, security-dev <security-dev@openjdk.java.net> Cc: Langer, Christoph <christoph.lan...@sap.com> Betreff: Re: [11u] RFR: 8153005: Upgrade the default PKCS12 encryption/MAC algorithms There’s an extra blank line inserted at the end of java.security. Otherwise lgtm. I’m fine with using KnownOIDs.java from tip. One might object that now it’s in a different location and must be kept sync’ed with tip, but I don’t agree because the backported version must be updated only when a test that needs the update is backported, and if that’s needed it’ll be obvious what to do. Thanks, Paul From: security-dev <security-dev-r...@openjdk.java.net> on behalf of "Doerr, Martin" <martin.do...@sap.com> Date: Friday, April 30, 2021 at 9:35 AM To: "jdk-updates-...@openjdk.java.net" <jdk-updates-...@openjdk.java.net>, security-dev <security-dev@openjdk.java.net> Cc: "Langer, Christoph" <christoph.lan...@sap.com> Subject: [11u] RFR: 8153005: Upgrade the default PKCS12 encryption/MAC algorithms Hi, JDK-8153005 is backported to 11.0.12-oracle. I'd like to backport it for parity. It doesn't apply cleanly. Bug: https://bugs.openjdk.java.net/browse/JDK-8153005 CSR covering 11u: https://bugs.openjdk.java.net/browse/JDK-8228481 Original change: https://github.com/openjdk/jdk/commit/f77a6585 11u rejected hunks: http://cr.openjdk.java.net/~mdoerr/8153005_PKCS12_11u/8153005_PKCS12_rej.txt Resolution: - Regular code is trivial to resolve, but the tests are tricky and the hunks were mostly integrated manually. - Introduce test/lib/jdk/test/lib/KnownOIDs.java as copy from jdk head src/java.base/share/classes/sun/security/util/KnownOIDs.java with last change from Oct 2020. Put into package jdk.test.lib and using System.out as debug output stream. This should make future backports easier, too. - DerUtils.java: ObjectIdentifier interface is diffent in 11u (different constructors). - Hunks in GenerateAll.java were skipped because the affected code is not in 11u (JDK-8242068). 11u backport: http://cr.openjdk.java.net/~mdoerr/8153005_PKCS12_11u/webrev.00/ Please review. Best regards, Martin