On Wed, 3 May 2023 00:27:55 GMT, Weijun Wang wrote:
>> Well, all the existing documentation already states that they are in
>> seconds. That was why I didn't add any additional suffixes. The goal was
>> to make it so folks don't need to make any changes if the existing
>> seconds-level granu
On Fri, 28 Apr 2023 20:55:33 GMT, Kevin Driver wrote:
> Fix type-o and update returns message.
I agree with Sean/Valerie's comments. Otherwise, LGTM.
-
Marked as reviewed by wetmore (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/13729#pullrequestreview-1410050561
On Tue, 2 May 2023 23:20:20 GMT, Jamil Nimeh wrote:
>> src/java.base/share/classes/sun/security/action/GetPropertyAction.java line
>> 192:
>>
>>> 190:
>>> 191: // Determine if "ms" is on the end of the string
>>> 192: boolean isMillis = propVal.toLowerCase().endsWith("ms");
>>
On Tue, 2 May 2023 22:33:47 GMT, Weijun Wang wrote:
>> This set of enhancements extends the allowed syntax for the
>> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
>> `com.sun.security.crl.readtimeout` System properties. These properties
>> retain their current behavior
On Tue, 2 May 2023 21:12:31 GMT, Jamil Nimeh wrote:
> This set of enhancements extends the allowed syntax for the
> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
> `com.sun.security.crl.readtimeout` System properties. These properties
> retain their current behavior wher
This set of enhancements extends the allowed syntax for the
`com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
`com.sun.security.crl.readtimeout` System properties. These properties retain
their current behavior where a purely numeric value is interpreted in seconds,
but now t
On Tue, 2 May 2023 20:48:37 GMT, Weijun Wang wrote:
>> Done.
>
> Where?
Done now. Sorry about it.
-
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1183075152
> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
> SHA-256/192 parameters recommended.
Ferenc Rakoczi has updated the pull request incrementally with one additional
commit since the last revisio
On Tue, 2 May 2023 21:11:09 GMT, Jiangli Zhou wrote:
>> Thanks for the explanation. Please file a different issue for this change,
>> since it is outside the scope of this issue, which is to specifically add
>> new roots that have been approved by the Java SE CA Root Program processes.
>> Upda
On Tue, 2 May 2023 20:45:38 GMT, Weijun Wang wrote:
>> Ferenc Rakoczi has refreshed the contents of this pull request, and previous
>> commits have been removed. The incremental views will show differences
>> compared to the previous content of the PR. The pull request contains one
>> new comm
> This PR was requested by awar...@google.com. The updates were provided by
> awar...@google.com.
Jiangli Zhou has updated the pull request incrementally with one additional
commit since the last revision:
Update test/jdk/sun/security/lib/cacerts/VerifyCACerts.java after reverting
src/java.b
On Tue, 2 May 2023 20:36:57 GMT, Sean Mullan wrote:
>> The original R4 did not have the digitalSignature keyUsage set. This root
>> signs OCSP responses, so it needed to be reissued to comply with section
>> 7.1.2.1 of the CA/B Forum baseline requirements. The only change between the
>> two ve
> This PR was requested by awar...@google.com. The updates were provided by
> awar...@google.com.
Jiangli Zhou has updated the pull request incrementally with one additional
commit since the last revision:
Revert the src/java.base/share/data/cacerts/globalsigneccrootcar4 change.
On Tue, 2 May 2023 20:32:33 GMT, Ferenc Rakoczi wrote:
>> Done
>
> Done.
Where?
-
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1183036679
On Tue, 2 May 2023 20:33:40 GMT, Ferenc Rakoczi wrote:
>> src/java.base/share/classes/sun/security/provider/HSS.java line 213:
>>
>>> 211:
>>> 212: static class LMSUtils {
>>> 213: public final static int LMS_RESERVED = 0;
>>
>> Is the `LMS_RESERVED` and `LMOTS_RESERVED` constants
On Tue, 2 May 2023 20:44:27 GMT, Ferenc Rakoczi wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
>> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
>> SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has refreshed the contents of
> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
> SHA-256/192 parameters recommended.
Ferenc Rakoczi has refreshed the contents of this pull request, and previous
commits have been removed. The
> This PR was requested by awar...@google.com. The updates were provided by
> awar...@google.com.
Jiangli Zhou has updated the pull request incrementally with one additional
commit since the last revision:
Add GoogleCA.java test from @rhalade.
-
Changes:
- all: https://git.ope
On Tue, 2 May 2023 18:42:36 GMT, Rajan Halade wrote:
> You can include this contribution in your PR. Then it will be easier to
> backport to JDK 20u as one changeset. I updated bug id in the changeset.
Done. Please double check.
I ran the GoogleCA.java test with a test JDK binary built with th
On Tue, 2 May 2023 18:51:52 GMT, Andy Warner wrote:
>> src/java.base/share/data/cacerts/globalsigneccrootcar4 line 3:
>>
>>> 1: Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
>>> 2: Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
>>> 3: Serial number: 203e
On Fri, 28 Apr 2023 13:38:41 GMT, Weijun Wang wrote:
>> I need it now, with the addWithAlias() change.
>
> `addWithAlias` search for an OID by its name using the `KnownOIDs` class.
Removed.
-
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1183023787
On Fri, 28 Apr 2023 19:54:42 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/sun/security/provider/HSS.java line 423:
>>
>>> 421:
>>> 422: default:
>>> 423: throw new IllegalArgumentException("Unsupported or
>>> bad LMS type");
>>
>> Could this be `I
On Tue, 2 May 2023 20:32:02 GMT, Ferenc Rakoczi wrote:
>> src/java.base/share/classes/sun/security/provider/HSS.java line 66:
>>
>>> 64: if (!(publicKey instanceof HSSPublicKey pub)) {
>>> 65: throw new InvalidKeyException("Not an HSS public key: ");
>>> 66: }
>>
>>
On Thu, 27 Apr 2023 17:39:14 GMT, Weijun Wang wrote:
>> Ferenc Rakoczi has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> addressing more review comments
>
> src/java.base/share/classes/sun/security/provider/HSS.java line 66:
>
>> 64:
On Fri, 28 Apr 2023 13:52:30 GMT, Weijun Wang wrote:
>> Ferenc Rakoczi has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> review comments addressed
>
> src/java.base/share/classes/sun/security/provider/HSS.java line 86:
>
>> 84:
> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
> SHA-256/192 parameters recommended.
Ferenc Rakoczi has updated the pull request incrementally with one additional
commit since the last revisio
On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng wrote:
> Could someone help review this PKCS11KeyStore fix regarding the cert chain
> removal?
>
> The proposed fix will not remove the cert if it has a corresponding private
> key or is an issuer of other entities in the same keystore.
>
> Thanks
On Tue, 2 May 2023 18:42:36 GMT, Rajan Halade wrote:
> >
>
> I have infra tests for interop implemented. @jianglizhou, please check
> https://github.com/openjdk/jdk/compare/master...rhalade:jdk:googletrust-certify?expand=1
Aside from the bug number @jianglizhou raised, the interop tests look
On Tue, 2 May 2023 16:35:18 GMT, Jiangli Zhou wrote:
> This PR was requested by awar...@google.com. The updates were provided by
> awar...@google.com.
> > >
> >
> >
> > I have infra tests for interop implemented. @jianglizhou, please check
> > https://github.com/openjdk/jdk/compare/master..
On Tue, 2 May 2023 17:29:07 GMT, Rajan Halade wrote:
> >
>
> I have infra tests for interop implemented. @jianglizhou, please check
> https://github.com/openjdk/jdk/compare/master...rhalade:jdk:googletrust-certify?expand=1
@rhalade, thanks! I have a minor comment below for your
test/jdk/secu
On Tue, 2 May 2023 17:29:07 GMT, Rajan Halade wrote:
>> This PR was requested by awar...@google.com. The updates were provided by
>> awar...@google.com.
>
>>
>
> I have infra tests for interop implemented. @jianglizhou, please check
> https://github.com/openjdk/jdk/compare/master...rhalade:jd
On Thu, 27 Apr 2023 15:40:53 GMT, Weijun Wang wrote:
>> The KEM API and DHKEM impl. Note that this PR uses new methods in
>> https://github.com/openjdk/jdk/pull/13250.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> more @s
> The KEM API and DHKEM impl. Note that this PR uses new methods in
> https://github.com/openjdk/jdk/pull/13250.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
providerName
-
Changes:
- all: https://git.openjdk.org/jd
On Tue, 2 May 2023 16:35:18 GMT, Jiangli Zhou wrote:
> This PR was requested by awar...@google.com. The updates were provided by
> awar...@google.com.
>
I have infra tests for interop implemented. @jianglizhou, please check
https://github.com/openjdk/jdk/compare/master...rhalade:jdk:googletr
On Tue, 2 May 2023 16:35:18 GMT, Jiangli Zhou wrote:
> This PR was requested by awar...@google.com. The updates were provided by
> awar...@google.com.
Ideally, an infra test for testing test certs should also be added. @rhalade
may be able to contribute this.
-
PR Comment: https:
This PR was requested by awar...@google.com. The updates are provided by
awar...@google.com.
-
Commit messages:
- Merge branch 'master' into JDK-8307134
- 8307134: Add GTS root CAs
Changes: https://git.openjdk.org/jdk/pull/13754/files
Webrev: https://webrevs.openjdk.org/?repo=jdk
On Tue, 2 May 2023 14:31:38 GMT, Matthew Donovan wrote:
>> In this PR, I added methods to the TransportContext class to synchronize
>> access to the handshakeContext field. I also updated locations in the code
>> that rely on the handshakeContext field to not be null to use the
>> synchronized
> In this PR, I added methods to the TransportContext class to synchronize
> access to the handshakeContext field. I also updated locations in the code
> that rely on the handshakeContext field to not be null to use the
> synchronized methods.
>
> Thanks
Matthew Donovan has updated the pull re
On Tue, 2 May 2023 12:56:38 GMT, Daniel Fuchs wrote:
>> Matthew Donovan has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> using try/finally in terminateHandshakeContext and using local context
>> variable in all places it should be
>
> sr
On Tue, 2 May 2023 13:43:52 GMT, Xue-Lei Andrew Fan wrote:
> The checks are not fully passed. Please double check if the failures are
> related to this update.
They are unrelated to these changes.
-
PR Comment: https://git.openjdk.org/jdk/pull/13494#issuecomment-1531517933
On Mon, 17 Apr 2023 13:25:53 GMT, Matthew Donovan wrote:
> I refactored tests in the test/jdk/javax/net/ssl directories to use the test
> template classes.
Looks good to me.
The checks are not fully passed. Please double check if the failures are
related to this update.
-
Marke
On Mon, 1 May 2023 17:39:02 GMT, Matthew Donovan wrote:
> In this PR, I added methods to the TransportContext class to synchronize
> access to the handshakeContext field. I also updated locations in the code
> that rely on the handshakeContext field to not be null to use the
> synchronized met
On Mon, 17 Apr 2023 13:25:53 GMT, Matthew Donovan wrote:
> I refactored tests in the test/jdk/javax/net/ssl directories to use the test
> template classes.
Could someone please review this PR? This directly related to
https://github.com/openjdk/jdk/pull/13495 as well.
Thanks!
-
43 matches
Mail list logo
