On Thu, 2 Mar 2023 15:23:02 GMT, Weijun Wang wrote:
> dump-trust-setting
I have found some errors with dump-trust-settings like this one
https://github.com/wbond/package_control/issues/1017 but not sure if this is
related to what you saw on your test infrastructure.
-
PR: https:
On Thu, 23 Feb 2023 16:42:17 GMT, Sean Mullan wrote:
> The LDAPCertStore implementation passes Distinguished Names in CRL and
> Certificate URLs as Strings to JNDI APIs such as
> LdapContext.getAttributes(String), which then treats them as CompositeNames.
> This causes issues with URLs that ha
On Thu, 23 Feb 2023 16:42:17 GMT, Sean Mullan wrote:
> The LDAPCertStore implementation passes Distinguished Names in CRL and
> Certificate URLs as Strings to JNDI APIs such as
> LdapContext.getAttributes(String), which then treats them as CompositeNames.
> This causes issues with URLs that ha
On Thu, 2 Mar 2023 12:03:44 GMT, Pavel Rappo wrote:
> Please review this superficial documentation cleanup that was triggered by
> unrelated analysis of doc comments in JDK API.
>
> The only effect that this multi-area PR has on the JDK API Documentation
> (i.e. the observable effect on the ge
On Thu, 2 Mar 2023 12:03:44 GMT, Pavel Rappo wrote:
> Please review this superficial documentation cleanup that was triggered by
> unrelated analysis of doc comments in JDK API.
>
> The only effect that this multi-area PR has on the JDK API Documentation
> (i.e. the observable effect on the ge
On Thu, 2 Mar 2023 13:33:53 GMT, Matthias Baesken wrote:
> After 8278449, we seem to ignore in the call
>
> ` if (SecTrustSettingsCopyTrustSettings(certRef,
> kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound) `
>
> all trusted certs from admin and system domains, so a lot mo
On Thu, 2 Mar 2023 16:07:58 GMT, Matthias Baesken wrote:
> > I'd like to contribute a test.
>
> Thanks for contributing the test. Any suggestion where to place the test ?
Maybe just in `test/jdk/java/security/KeyStore/`. Otherwise needs to create a
new dir and add it into some groups.
---
The LDAPCertStore implementation passes Distinguished Names in CRL and
Certificate URLs as Strings to JNDI APIs such as
LdapContext.getAttributes(String), which then treats them as CompositeNames.
This causes issues with URLs that have DNs with forward slashes. These are rare
but compliant wit
On Thu, 2 Mar 2023 15:23:02 GMT, Weijun Wang wrote:
> I'd like to contribute a test.
Thanks for contributing the test. Any suggestion where to place the test ?
-
PR: https://git.openjdk.org/jdk/pull/12829
On Thu, 2 Mar 2023 13:33:53 GMT, Matthias Baesken wrote:
> After 8278449, we seem to ignore in the call
>
> ` if (SecTrustSettingsCopyTrustSettings(certRef,
> kSecTrustSettingsDomainUser, &trustSettings) == errSecItemNotFound) `
>
> all trusted certs from admin and system domains, so a lot mo
On Tue, 28 Feb 2023 15:17:19 GMT, Matthias Baesken wrote:
> We have a (potential) early return in addCertificatesToKeystore in
> KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this
> missed a CFRelease call.
This pull request has now been integrated.
Changeset: b51ea420
On Thu, 2 Mar 2023 09:47:56 GMT, Matthias Baesken wrote:
>> We have a (potential) early return in addCertificatesToKeystore in
>> KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this
>> missed a CFRelease call.
>
> Matthias Baesken has updated the pull request incrementall
On Thu, 2 Mar 2023 13:54:05 GMT, Weijun Wang wrote:
> Thanks for the fix. I almost think we should invent a CHECK_NULL_GOTO_ERROUT
> macro, but your fix is also OK.
I think I discussed a while back some extended CHECK_NULL_ - macros (I think
it was for freeing before return) but it was not s
On Thu, 2 Mar 2023 08:22:58 GMT, Matthias Baesken wrote:
>> src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line 431:
>>
>>> 429: CFRelease(trustSettings);
>>> 430: goto errOut;
>>> 431: }
>>
>> Do you also need to switch to `goto errOut` fo
On Thu, 2 Mar 2023 09:47:56 GMT, Matthias Baesken wrote:
>> We have a (potential) early return in addCertificatesToKeystore in
>> KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this
>> missed a CFRelease call.
>
> Matthias Baesken has updated the pull request incrementall
On Thu, 2 Mar 2023 09:47:56 GMT, Matthias Baesken wrote:
>> We have a (potential) early return in addCertificatesToKeystore in
>> KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this
>> missed a CFRelease call.
>
> Matthias Baesken has updated the pull request incrementall
After 8278449, we seem to ignore in the call
` if (SecTrustSettingsCopyTrustSettings(certRef, kSecTrustSettingsDomainUser,
&trustSettings) == errSecItemNotFound) `
all trusted certs from admin and system domains, so a lot more certs are
ignored than necessary.
Probably we should take at least
On Thu, 2 Mar 2023 12:03:44 GMT, Pavel Rappo wrote:
> Please review this superficial documentation cleanup that was triggered by
> unrelated analysis of doc comments in JDK API.
>
> The only effect that this multi-area PR has on the JDK API Documentation
> (i.e. the observable effect on the ge
Please review this superficial documentation cleanup that was triggered by
unrelated analysis of doc comments in JDK API.
The only effect that this multi-area PR has on the JDK API Documentation (i.e.
the observable effect on the generated HTML pages) can be summarized as follows:
diff -ur
> We have a (potential) early return in addCertificatesToKeystore in
> KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this
> missed a CFRelease call.
Matthias Baesken has updated the pull request incrementally with one additional
commit since the last revision:
handle
On Wed, 1 Mar 2023 19:51:46 GMT, Weijun Wang wrote:
>> We have a (potential) early return in addCertificatesToKeystore in
>> KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this
>> missed a CFRelease call.
>
> src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line
21 matches
Mail list logo
