Christopher Hegarty - Sun Microsystems Ireland wrote:
Hi Andrew, Michael,
This review is to forward port the following three bugs from 6uXX to
JDK7:
6614957: HttpsURLConnection not using the set SSLSocketFactory for
creating all its Sockets
6771432: createSocket() - smpatch fail
Christopher Hegarty - Sun Microsystems Ireland wrote:
Dooh! Webrev:
http://cr.openjdk.java.net/~chegar/6614957/webrev.00/webrev/
Looks fine to me.
Andrew
-Chris.
On 22/03/2010 16:01, Christopher Hegarty - Sun Microsystems Ireland
wrote:
Hi Andrew, Michael,
This review is to forward por
Changeset: 31517a0345d1
Author:xuelei
Date: 2010-03-29 13:27 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/31517a0345d1
6693917: regression tests need to update for supporting ECC on solaris 11
Reviewed-by: weijun
! test/sun/security/ssl/etc/keystore
! test/sun/security/ssl
Changeset: 89f4ec9e4b33
Author:xuelei
Date: 2010-04-10 09:13 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/89f4ec9e4b33
6941936: Broken pipe error of test case DNSIdentities.java
Reviewed-by: chegar
!
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSI
Changeset: 56217857ccd7
Author:xuelei
Date: 2010-07-24 22:59 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/56217857ccd7
6867345: Turkish regional options cause NPE in
sun.security.x509.AlgorithmId.algOID
Reviewed-by: mullan, weijun
! src/share/classes/sun/security/krb5/Cre
Changeset: 83be262e654c
Author:xuelei
Date: 2010-07-27 16:07 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/83be262e654c
6870947: 15 sec delay detecting "socket closed" condition when a TCP connection
is reset by an LDAP server
Reviewed-by: weijun
! src/share/classes/com/su
Changeset: 93cd7e89adb8
Author:xuelei
Date: 2010-10-30 18:39 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/93cd7e89adb8
4873188: Support TLS 1.1
Reviewed-by: wetmore, weijun
! src/share/classes/javax/net/ssl/SSLSocketFactory.java
! src/share/classes/sun/security/internal/sp
Changeset: d26730767789
Author:xuelei
Date: 2010-11-01 07:57 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d26730767789
6792180: Enhance to reject weak algorithms or conform to crypto recommendations
Reviewed-by: mullan, weijun, wetmore
+ src/share/classes/java/security/Alg
On 11/2/2010 1:27 AM, Henry B. Hotz wrote:
> TLS 1.2?
>
This is the implementation of TLS 1.1.
Andrew
> On Oct 30, 2010, at 3:47 AM, xuelei@oracle.com wrote:
>
>> Changeset: 93cd7e89adb8
>> Author:xuelei
>> Date: 2010-10-30 18:39 +0800
>> URL: http://hg.openjdk.java.net/jdk7/
Changeset: 9d6a9f65d2bf
Author:xuelei
Date: 2010-11-01 22:02 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9d6a9f65d2bf
6916074: Add support for TLS 1.2
6985179: To support Server Name Indication extension for JSSE client
Summary: Introduces the algorithm constraints to supp
Changeset: b66c09b7ce85
Author:xuelei
Date: 2010-11-20 07:00 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b66c09b7ce85
6903584: Legal notice repair: Three files under
jdk/src/share/classes/sun/security/ssl/
Reviewed-by: weijun
! src/share/classes/sun/security/ssl/Krb5Help
Changeset: 0e0bdcd9c101
Author:xuelei
Date: 2010-12-02 23:44 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0e0bdcd9c101
6979376: to have ldap filters tolerate underscore character in object identifier
Reviewed-by: weijun
! src/share/classes/com/sun/jndi/ldap/Filter.java
! t
Changeset: e6ed7c95d94f
Author:xuelei
Date: 2010-12-15 22:42 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e6ed7c95d94f
7006265: Javadoc warnings
Reviewed-by: weijun
! src/share/classes/javax/net/ssl/X509ExtendedTrustManager.java
Changeset: 0d826185a92e
Author:xuelei
Date: 2010-12-22 06:28 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0d826185a92e
6996365: Evaluate the priorities of cipher suites
Reviewed-by: wetmore
! src/share/classes/sun/security/ssl/CipherSuite.java
Changeset: d4bc38aa7594
Author:xuelei
Date: 2011-02-01 04:45 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d4bc38aa7594
7011497: new CertPathValidatorException.BasicReason enum constant for
constrained algorithm
Summary: add new BasicReason and improve trust anchor searchin
Changeset: 44c99f30f9df
Author:xuelei
Date: 2011-02-14 13:31 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/44c99f30f9df
7018897: CertPath validation cannot handle self-signed cert with bad KeyUsage
Summary: Remove KeyUsage checking for trust anchors
Reviewed-by: mullan
! sr
Changeset: fa9d7e241517
Author:xuelei
Date: 2011-03-14 09:05 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/fa9d7e241517
7009794: misleading text in SSLHandshakeException exception message
Summary: update the warning message
Reviewed-by: weijun
! src/share/classes/sun/securi
Changeset: 8b7f0a3a0b2e
Author:xuelei
Date: 2011-03-15 23:08 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8b7f0a3a0b2e
7025073: Stricter check on trust anchor makes VerifyCACerts.java test fail
Summary: loosen the check for version 1 and 2 X.509 certificate
Reviewed-by: mul
Changeset: e3efbb250c0c
Author:xuelei
Date: 2011-03-15 23:13 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e3efbb250c0c
7022855: Export "PKIX" as the standard algorithm name of KeyManagerFactory
Summary: export the existing "NewSunX509" algorithm implementation using the
st
Changeset: 320bdab4cb2a
Author:xuelei
Date: 2011-03-17 08:55 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/320bdab4cb2a
7028422: regression: SKID miss-matching
Summary: Do not override the previous setting for initial selection.
Reviewed-by: mullan
!
src/share/classes/sun/
Changeset: ef5bbbe0dd75
Author:xuelei
Date: 2011-03-21 22:02 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ef5bbbe0dd75
7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
Summary: the signature of server key exanage message could be null
Reviewed-by: vin
Changeset: 3fee1c67bd10
Author:xuelei
Date: 2011-03-23 20:07 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3fee1c67bd10
7029848: KeyStoreBuilderParameters((Builder)null) does not throw
NullPointerException
Summary: throws NPE for null Builder
Reviewed-by: weijun
! src/shar
Changeset: b921112e39d3
Author:xuelei
Date: 2011-03-23 20:25 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b921112e39d3
7030523: regression: imporper checking of paramater
Reviewed-by: weijun
! src/share/classes/javax/net/ssl/KeyStoreBuilderParameters.java
Changeset: 9c29dd06e138
Author:xuelei
Date: 2011-04-08 02:00 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9c29dd06e138
6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets
without TLSv1.1 enabled
Summary: Reorg the SSLContext implementation
Reviewed-by:
Changeset: 6e306c3aa17b
Author:xuelei
Date: 2011-04-12 08:27 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6e306c3aa17b
6882437: CertPath/X509CertPathDiscovery/Test fails on jdk7/pit/b62
Summary: Pass trust anchors to CRL certification path building, support CRLs
without AK
Changeset: 99156e4f26ea
Author:xuelei
Date: 2011-05-11 20:39 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/99156e4f26ea
7043514: NPE in sun.security.ssl.JsseJce.isEcAvailable
Reviewed-by: weijun, vinnie, wetmore
! src/share/classes/sun/security/ssl/JsseJce.java
Changeset: 3b7193ab0d87
Author:xuelei
Date: 2011-06-22 19:37 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3b7193ab0d87
6952814:
sun/security/ssl/com/sun/net/ssl/internal/ssl/InputRecord/InterruptedIO.java
failing in PIT
Reviewed-by: alanb
-
test/sun/security/ssl/com/sun
Changeset: 57265bf4b36b
Author:xuelei
Date: 2011-06-22 21:21 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/57265bf4b36b
7058271: Remove InterruptedIO.java record from ProblemList.txt
Reviewed-by: weijun
! test/ProblemList.txt
Changeset: cd7adb545f71
Author:xuelei
Date: 2011-06-23 04:23 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cd7adb545f71
7057022: test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java has invalid
jtreg tags
Reviewed-by: weijun
! test/sun/security/pkcs11/fips/ClientJSSESer
Changeset: 5355b9ccd19d
Author:xuelei
Date: 2011-07-19 08:21 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5355b9ccd19d
7059709: close the IO in a final block
Reviewed-by: smarks, mullan, wetmore
! src/share/classes/sun/security/ssl/SSLContextImpl.java
! src/share/classes/s
Changeset: 99dc852080e1
Author:xuelei
Date: 2011-07-19 21:47 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/99dc852080e1
7065972: Some race condition may happen in SSLSocketImpl class
Reviewed-by: wetmore, weijun, dgu
! src/share/classes/sun/security/ssl/SSLSocketImpl.java
Hi,
In JNDI implementation, String.toUpperCase() and String.toLowerCase() is
used to compare or hashcode case-insensitive strings. These operations
are locale dependent, and may result in unexpected behaviors in some
locale.[1]
This fix is try to interpret case-insensitive string locale
independe
Ping ...
Xuelei
On 7/21/2011 3:26 PM, Xuelei Fan wrote:
> Hi,
>
> In JNDI implementation, String.toUpperCase() and String.toLowerCase() is
> used to compare or hashcode case-insensitive strings. These operations
> are locale dependent, and may result in unexpected behaviors in s
Changeset: cea7c749f805
Author:xuelei
Date: 2011-07-29 02:50 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cea7c749f805
7068662: Reserve and restore the default locale
Reviewed-by: alanb, weijun
! test/com/sun/org/apache/xml/internal/security/exceptions/LocaleTest.java
! te
The fix also
include Alan's fix of JNDI compiler warnings.
Thanks,
Xuelei
On 7/25/2011 8:39 AM, Xuelei Fan wrote:
> Ping ...
>
> Xuelei
>
> On 7/21/2011 3:26 PM, Xuelei Fan wrote:
>> Hi,
>>
>> In JNDI implementation, String.toUpperCase() and String.toLowe
Hi Weijun,
Please pending the code review. Another thread is addressing the warning
issues in JNDI, I will wait for a while to remove the warning update
from this fix.
Thanks,
Xuelei
On 7/30/2011 9:52 PM, Xuelei Fan wrote:
> Hi Weijun,
>
> It was "test/javax/naming
Changeset: b07cf6cbb62a
Author:xuelei
Date: 2011-08-15 00:30 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b07cf6cbb62a
7063647: To use synchronized map in key manager
Reviewed-by: wetmore, weijun
! src/share/classes/sun/security/ssl/SunX509KeyManagerImpl.java
Changeset: 21f4d2d96191
Author:xuelei
Date: 2011-08-22 18:21 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/21f4d2d96191
7081817:
test/sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java
failing
Reviewed-by: alanb, weijun
! src/share/classes/sun/security/p
Changeset: e4729ad0d7b5
Author:xuelei
Date: 2011-08-27 02:17 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e4729ad0d7b5
7084040: Clearup warning in HttpsURLConnection
Reviewed-by: xuelei
Contributed-by: nsebastian.sickelm...@gmx.de
! src/share/classes/javax/net/ssl/HttpsURL
Sorry that there is a typo of the email address of the contributor. The mail
address should be sebastian.sickelm...@gmx.de. My apologies for my mistake.
Xuelei
On Aug 27, 2011, at 5:18 PM, xuelei@oracle.com wrote:
> Changeset: e4729ad0d7b5
> Author:xuelei
> Date: 2011-08-27 02:17 -
Hi Weijun,
Would you please review the new update? I also include the changes in
security components.
webrev: webrev: http://cr.openjdk.java.net/~xuelei/7059542/webrev.01/
Thanks,
Xuelei
On 8/1/2011 9:48 AM, Xuelei Fan wrote:
> Hi Weijun,
>
> Please pending the code review. Another
Changeset: 02c2d38f4271
Author:xuelei
Date: 2011-08-29 05:55 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/02c2d38f4271
7059542: JNDI name operations should be locale independent
Reviewed-by: weijun
! src/share/classes/com/sun/jndi/ldap/ClientId.java
! src/share/classes/com
Changeset: ffa762153af4
Author:xuelei
Date: 2011-09-28 15:10 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ffa762153af4
7092375: Security Libraries don't build with javac -Werror
Summary: Changes to security related java and make files to remove warnings
Reviewed-by: xuelei
Changeset: 6e59c482e9b8
Author:xuelei
Date: 2011-10-28 07:18 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6e59c482e9b8
7105940: Test regression: KeyStore must be from provider SunPKCS11-NSSKeyStore
Reviewed-by: weijun
! test/sun/security/pkcs11/fips/CipherTest.java
! test/
Changeset: 30900a1a9cfc
Author:xuelei
Date: 2011-10-30 20:07 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/30900a1a9cfc
7106277: Brokenness in the seqNumberOverflow of MAC
Reviewed-by: wetmore
! src/share/classes/sun/security/ssl/MAC.java
Changeset: 5c7c83a6ee24
Author:xuelei
Date: 2011-11-14 01:21 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5c7c83a6ee24
7111548: unexpected debug log message
Reviewed-by: wetmore
! src/share/classes/sun/security/ssl/SSLSocketImpl.java
Changeset: 82151e860a64
Author:xuelei
Date: 2011-11-23 03:40 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/82151e860a64
7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
Summary: also reviewed by dennis...@oracle.com
Reviewed-by: mullan
! src/share
Changeset: d1928ae4e0a2
Author:xuelei
Date: 2011-11-28 02:35 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d1928ae4e0a2
7115524: sun.security.provider.certpath.ssl.SSLServerCertStore no longer works
Reviewed-by: weijun
! src/share/classes/sun/security/provider/certpath/ssl/
Changeset: 11e52d5ba64e
Author:xuelei
Date: 2012-01-12 03:39 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/11e52d5ba64e
7106773: 512 bits RSA key cannot work with SHA384 and SHA512
Reviewed-by: weijun
! src/share/classes/sun/security/pkcs11/P11Cipher.java
! src/share/classe
Webrev: http://cr.openjdk.java.net/~xuelei/7132248/webrev.00/
In JDK 8, the regression tests of JSSE (HTTP/TLS) run in agentvm mode.
In agentvm mode, multiple threads may share the thread pool. SunJSSE
implementation initialize the SSL/TLS context at the first time the
context get loaded, a
Remove the serviceabilty-dev.
Thanks for the quick code review.
Xuelei
On 1/23/2012 8:25 PM, Alan Bateman wrote:
On 23/01/2012 12:21, Xuelei Fan wrote:
Webrev: http://cr.openjdk.java.net/~xuelei/7132248/webrev.00/
In JDK 8, the regression tests of JSSE (HTTP/TLS) run in agentvm
mode. In
Changeset: d383b5d128e3
Author:xuelei
Date: 2012-01-23 04:44 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d383b5d128e3
7132248:
sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java
failing
Reviewed-by: alanb
!
test/sun/security/ssl/s
Changeset: da8b8ee281f9
Author:xuelei
Date: 2012-02-10 22:17 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/da8b8ee281f9
7144781: incorrect URLs in JSSE java doc
Reviewed-by: wetmore, skannan
! src/share/classes/javax/net/ssl/ExtendedSSLSession.java
! src/share/classes/javax
Changeset: 45804d661008
Author:xuelei
Date: 2012-02-15 23:45 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/45804d661008
7145837: a little performance improvement on the usage of SecureRandom
Reviewed-by: chegar, wetmore
! src/share/classes/sun/security/ssl/CipherSuite.java
Changeset: a4e3dde9a8a7
Author:xuelei
Date: 2012-02-21 05:44 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a4e3dde9a8a7
7147407: remove never used debug code in DnsClient.java
Reviewed-by: vinnie
! src/share/classes/com/sun/jndi/dns/DnsClient.java
Changeset: e700286746c9
Author:xuelei
Date: 2012-03-26 21:21 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e700286746c9
7155051: DNS provider may return incorrect results
Reviewed-by: weijun, chegar
! src/share/classes/com/sun/jndi/dns/DnsClient.java
Changeset: f0842ed897c3
Author:xuelei
Date: 2012-04-27 04:25 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f0842ed897c3
6996372: synchronizing handshaking hash
Summary: remove the unnecessary synchronization. Also reviewed by David
Schlosnagle (schlo...@gmail.com)
Reviewed-
Changeset: 71fdf32fdc65
Author:xuelei
Date: 2012-05-01 03:48 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/71fdf32fdc65
7158688: Typo in SSLContext Spec
Reviewed-by: weijun, wetmore
! src/share/classes/javax/net/ssl/SSLContext.java
Changeset: 41d3f7509e00
Author:xuelei
Date: 2012-05-04 17:28 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/41d3f7509e00
7153184: NullPointerException when calling
SSLEngineImpl.getSupportedCipherSuites
Reviewed-by: weijun
! src/share/classes/sun/security/ssl/SSLContextImpl
Changeset: fbf98cbd2e6b
Author:xuelei
Date: 2012-05-08 17:56 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fbf98cbd2e6b
7167092: Need to put the return clause in the synchronized block
Summary: a regression fix for bug 7153184
Reviewed-by: wetmore
! src/share/classes/sun/se
Changeset: 0f63f3390ac9
Author:xuelei
Date: 2012-05-08 18:08 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0f63f3390ac9
7166570: JSSE certificate validation has started to fail for certificate chains
Reviewed-by: wetmore
! src/share/classes/sun/security/validator/SimpleVali
Changeset: df3152beef2f
Author:xuelei
Date: 2012-05-14 07:26 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/df3152beef2f
7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one
trust anchor is specified
Reviewed-by: mullan
! src/share/classes/sun/securit
Changeset: 9fe6ebbe5895
Author:xuelei
Date: 2012-05-17 21:59 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9fe6ebbe5895
7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows
Reviewed-by: vinnie, wetmore
! test/sun/security/mscapi/ShortRSAKey1024.sh
! test/sun/s
Changeset: f8e72d7ff37d
Author:xuelei
Date: 2012-06-06 18:18 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f8e72d7ff37d
7174244: NPE in Krb5ProxyImpl.getServerKeys()
Reviewed-by: weijun
! src/share/classes/sun/security/ssl/SSLContextImpl.java
! src/share/classes/sun/securit
Changeset: 713b10821c3d
Author:xuelei
Date: 2012-06-06 18:39 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/713b10821c3d
7172149: ArrayIndexOutOfBoundsException from Signature.verify
Summary: take care of integer addition overflow
Reviewed-by: xuelei, wetmore
Contributed-by:
Changeset: cdcbd22cfb9d
Author:xuelei
Date: 2012-06-19 17:28 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cdcbd22cfb9d
7166487: checkSequenceNumber method never called within readRecord of
SSLEngineImpl
Reviewed-by: weijun
! src/share/classes/sun/security/ssl/SSLEngineImp
Changeset: 3ae91286f313
Author:xuelei
Date: 2012-07-03 20:29 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3ae91286f313
7180038: regression test failure, SSLEngineBadBufferArrayAccess.java
Reviewed-by: weijun
!
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineIm
Changeset: e0e7cc711bda
Author:xuelei
Date: 2012-07-24 03:31 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e0e7cc711bda
7185576: Need to consider the connection timeout at
test/com/sun/jndi/ldap/InvalidLdapFilters.java
Reviewed-by: vinnie
! test/com/sun/jndi/ldap/InvalidLd
>From JDK 7, JSSE introduces a new hostname verifying approach. It is
call "endpoint identification" in JSSE context. It can be used to
replace the HostnameVerifier on SSLSession. A typical user case looks like:
1. implement a X509ExtendedTrustManager. It is required to check the
endpoint identifi
meters
> class
> (and an X509ExtendedTrustManager).
>
> So, we can drop HostnameVerifier from our API. Is that correct?
>
Yes.
Xuelei
> Thanks
> Michael
>
> On 08/08/12 13:10, Xuelei Fan wrote:
>> From JDK 7, JSSE introduces a new hostname verifying approach. It is
&
Hi,
This is the spec review for JEP 114 [1].
webrev: http://cr.openjdk.java.net/~xuelei/7068321/webrev_spec.10/
Network team, per RFC 6066, the host_name in TLS SNI extension need to
be encoded in ASCII. In SNIHostName, to get the ASCII-Compatible
Encoding (ACE), java.net.IDN is used to convert
.SocketOption & java.net.StandardSocketOptions, rather
>than an int. It would still be extendable, but more "Java like".
>
We also need to parse unknown server name types. Using integer is more
straightforward.
Thanks,
Xuelei
> -Chris.
>
> On 03/09/2012 03:05
Changeset: b7b33a3c9df0
Author:xuelei
Date: 2012-09-04 02:24 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b7b33a3c9df0
7195733: TEST_BUG:
sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/B6216082.java
failing
Reviewed-by: chegar, alanb, xuelei
Contributed-by
Changeset: 88a4f699d233
Author:xuelei
Date: 2012-09-18 06:51 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/88a4f699d233
7199066: Typo in method name
Reviewed-by: mullan
! src/share/classes/sun/security/ssl/SSLContextImpl.java
! src/share/classes/sun/security/ssl/SSLEngineIm
Changeset: a58585051c4b
Author:xuelei
Date: 2012-09-26 21:05 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a58585051c4b
7200295: CertificateRequest message is wrapping when using large numbers of
Certs
Reviewed-by: wetmore
! src/share/classes/sun/security/ssl/HandshakeMess
Changeset: 3f62cfc4e83d
Author:xuelei
Date: 2012-10-18 01:14 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3f62cfc4e83d
7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server
Reviewed-by: mullan, weijun, wetmore
! src/share/classes/javax/net/ssl/Extended
Changeset: 21f1b88e68ce
Author:xuelei
Date: 2012-10-19 20:36 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/21f1b88e68ce
8000954: Add final keyword to new method in SSLParameters
Reviewed-by: wetmore
! src/share/classes/javax/net/ssl/SSLParameters.java
Changeset: e782f3c383fe
Author:xuelei
Date: 2012-10-24 08:25 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e782f3c383fe
8001466: Nightly regression test failure of SSLSocketSNISensitive.java
Reviewed-by: weijun
! test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISe
Changeset: 9edfa0e761b9
Author:xuelei
Date: 2012-11-09 01:15 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9edfa0e761b9
8001569: Regression test GetPeerHost uses static port number
Reviewed-by: weijun
!
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/Ge
Changeset: 25e5df117021
Author:xuelei
Date: 2012-11-18 01:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/25e5df117021
8003587: Warning cleanup in package javax.net.ssl
Summary: Removes unnecessary imports and adds missing Override annotations
Reviewed-by: xuelei
Contribute
Changeset: f7d45462b225
Author:xuelei
Date: 2012-11-24 04:09 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f7d45462b225
8003950: Adds missing Override annotations and removes unnecessary imports in
sun.security.ssl
Reviewed-by: xuelei
Contributed-by: Florian Weimer
! src/
Changeset: d30c13172254
Author:xuelei
Date: 2012-11-24 04:27 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d30c13172254
8003951: Removes unused variables in sun.security.ssl
Reviewed-by: xuelei
Contributed-by: Florian Weimer
! src/share/classes/sun/security/ssl/HandshakeMe
Changeset: 46c627801490
Author:xuelei
Date: 2012-11-28 05:18 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46c627801490
8004019: Removes unused method HandshakeHash.setCertificateVerifyAlg()
Summary: certification verification in HandshakeHash was abandoned during TLS
1.2 i
Changeset: ead651efb271
Author:xuelei
Date: 2012-12-03 06:00 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ead651efb271
8004184: security tests leave JSSEServer running
Summary: Use othervm mode to release resources, and correct the system
properties issues in JSSE
Reviewe
Changeset: 645d774b683a
Author:xuelei
Date: 2012-12-28 00:48 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/645d774b683a
7109274: Restrict the use of certificates with RSA keys less than 1024 bits
Summary: This restriction is applied via the Java Security property,
"jdk.cert
Changeset: 4472a641b4dc
Author:xuelei
Date: 2012-12-28 03:50 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4472a641b4dc
8003265: Need to clone array of input/output parameters
Reviewed-by: mullan
! src/share/classes/com/sun/jndi/dns/DnsContext.java
! src/share/classes/com/s
Changeset: edb7e34a0531
Author:xuelei
Date: 2013-01-14 18:31 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/edb7e34a0531
8006265: Add test SSLEngineDeadlock.java to ProblemList
Reviewed-by: weijun
! test/ProblemList.txt
Changeset: def2e05299b7
Author:xuelei
Date: 2013-03-01 02:34 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/def2e05299b7
7030966: Support AEAD CipherSuites
Reviewed-by: weijun, wetmore, valeriep
! src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java
! src/s
Changeset: 7bdb3e186497
Author:xuelei
Date: 2013-04-18 22:23 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7bdb3e186497
8006935: Need to take care of long secret keys in HMAC/PRF compuation
Reviewed-by: valeriep
! src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.ja
Changeset: 76998d11a643
Author:xuelei
Date: 2013-05-13 05:41 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/76998d11a643
8005535: SSLSessionImpl should have protected finalize()
Reviewed-by: weijun, wetmore
! src/share/classes/sun/security/ssl/SSLSessionImpl.java
Changeset: 46db0e633240
Author:xuelei
Date: 2013-05-13 06:05 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46db0e633240
8005598: (reopened) Need to clone array of input/output parameters
Reviewed-by: weijun
! src/share/classes/com/sun/jndi/dns/DnsContext.java
! src/share/cl
Changeset: 6407106f1b1c
Author:xuelei
Date: 2013-05-30 22:02 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6407106f1b1c
8014618: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
Reviewed-by: xuelei
Contributed-by: Pasi Eronen
! src/share/classes/com/sun/
Changeset: 8402ef8fabde
Author:ascarpino
Date: 2013-05-30 22:19 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/8402ef8fabde
7160837: DigestOutputStream does not turn off digest calculation when "close()"
is called
Reviewed-by: mullan, xuelei
! src/share/classes/java/securit
Changeset: 6cb09d3cd309
Author:valeriep
Date: 2013-05-29 20:54 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6cb09d3cd309
8013069: javax.crypto tests fail with new PBE algorithm names
Summary: Shouldn't auto-generate default parameters for MAC objects.
Reviewed-by: vinnie
!
Changeset: 918d9ac17740
Author:ascarpino
Date: 2013-05-30 14:11 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/918d9ac17740
6750584: Cipher.wrap/unwrap methods should define UnsupportedOperationException
Reviewed-by: mullan
! src/share/classes/javax/crypto/Cipher.java
! src/
Changeset: 2d9da733014f
Author:xuelei
Date: 2013-06-18 18:50 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2d9da733014f
8000456: Add programmatic deadlock detection in SSLEngineDeadlock
Reviewed-by: wetmore
!
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl
Changeset: a76858faad59
Author:xuelei
Date: 2013-06-19 02:33 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a76858faad59
7188658: Add possibility to disable client initiated renegotiation
Reviewed-by: weijun, wetmore
! src/share/classes/sun/security/ssl/Handshaker.java
! src
Changeset: a44bd993ce93
Author:xuelei
Date: 2013-06-20 07:48 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a44bd993ce93
8017157: catch more exception in test RejectClientRenego
Reviewed-by: vinnie
!
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/RejectCli
Changeset: 0822bcddbd4f
Author:xuelei
Date: 2013-06-26 06:32 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0822bcddbd4f
8017049: rename property jdk.tls.rejectClientInitializedRenego
Reviewed-by: vinnie, wetmore, mullan
! src/share/classes/sun/security/ssl/Handshaker.java
!
Changeset: 60d1994f63f7
Author:xuelei
Date: 2013-06-27 19:22 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/60d1994f63f7
8019359: To comment why not use no_renegotiation to reject client initiated
renegotiation
Reviewed-by: wetmore
! src/share/classes/sun/security/ssl/Serve
101 - 200 of 237 matches
Mail list logo
