On Mon, 22 May 2023 22:43:18 GMT, Weijun Wang wrote:
>> This handles the case, when a certificate is in both, the login (user) and
>> system keychain.
>
> How do you know "the existing entry must have the same properties and trust
> settings"?
Trust settings are stored per certificate. That is
On Mon, 22 May 2023 14:23:15 GMT, Andrew Haley wrote:
> This provides a solid speedup of about 3-4x over the Java implementation.
>
> I have a vectorized version of this which uses a bunch of tricks to speed it
> up, but it's complex and can still be improved. We're getting close to ramp
> dow
> https://bugs.openjdk.org/browse/JDK-8307794
Mark Powers has updated the pull request incrementally with one additional
commit since the last revision:
Ferenc: comments 1 and 2
-
Changes:
- all: https://git.openjdk.org/jdk/pull/13940/files
- new: https://git.openjdk.org/jdk/
On Mon, 22 May 2023 17:39:59 GMT, Jamil Nimeh wrote:
>> src/java.base/share/classes/sun/security/provider/certpath/URICertStore.java
>> line 131:
>>
>>> 129: private static final int DEFAULT_CRL_READ_TIMEOUT = 15000;
>>> 130:
>>> 131: // Default connect and read timeouts for CA certifi
On Sun, 21 May 2023 21:29:50 GMT, Christoph Langer wrote:
>> src/java.base/macosx/classes/apple/security/KeychainStore.java line 808:
>>
>>> 806: // Check whether a certificate with same alias already
>>> exists and is the same
>>> 807: // If yes, we can return here - th
On Sat, 20 May 2023 00:58:05 GMT, Martin Balao wrote:
>> Good
>
> We discussed this change with @franferrax and have some concerns. The method
> Key::getEncoded does not document that a copy will be returned, and this
> would change the current behavior and affect non-PBE cases. In practical
>
> This set of enhancements extends the allowed syntax for the
> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
> `com.sun.security.crl.readtimeout` System properties. These properties
> retain their current behavior where a purely numeric value is interpreted in
> seconds,
On Mon, 22 May 2023 19:28:26 GMT, Roger Riggs wrote:
> Thanks for the updates.
Thanks for all the comments (and the approval).
-
PR Comment: https://git.openjdk.org/jdk/pull/13957#issuecomment-1557863535
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
Kevin Driver has updated the pull request with a new target base due to a merge
or a rebase. The incremental webrev excludes the unrelated changes brought in
by the merge/rebase. The pull request contains 17 additional commits s
On Fri, 19 May 2023 17:49:07 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with two additional
> commits since the last revision:
>
> - fix bug id in test header
> - reworked example in
On Thu, 18 May 2023 17:07:40 GMT, Weijun Wang wrote:
>> The KEM API and DHKEM impl. Note that this PR uses new methods in
>> https://github.com/openjdk/jdk/pull/13250.
>
> Weijun Wang has updated the pull request with a new target base due to a
> merge or a rebase. The incremental webrev exclud
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
Kevin Driver has updated the pull request incrementally with one additional
commit since the last revision:
additional code review comments
-
Changes:
- all: https://git.openjdk.org/jdk/pull/13466/files
- new
On Fri, 19 May 2023 19:00:39 GMT, Sean Mullan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> additional code review comments
>
> test/jdk/sun/security/ssl/SSLEngineImpl/Test8294985.java line 28:
>
>> 26: * @bug
On Fri, 19 May 2023 20:21:16 GMT, Bradford Wetmore wrote:
>> Kevin Driver has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - fix bug id in test header
>> - reworked example into a jtreg test
>
> test/jdk/sun/security/ssl/SSLEngineImpl/Te
On Thu, 18 May 2023 19:14:02 GMT, Brian Burkhalter wrote:
>> Replace `{@code ...}` patterns and the like with `{@snippet
>> lang=java : ...}`.
>
> Brian Burkhalter has updated the pull request incrementally with one
> additional commit since the last revision:
>
> 8308016: Address reviewer c
On Fri, 12 May 2023 02:23:17 GMT, Valerie Peng wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain
>> removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private
>> key or is an issuer of other entities in the same keystore.
>>
>
On Fri, 12 May 2023 02:23:17 GMT, Valerie Peng wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain
>> removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private
>> key or is an issuer of other entities in the same keystore.
>>
>
On Wed, 17 May 2023 12:28:47 GMT, Artem Semenov wrote:
> When using the clang compiler to build OpenJDk on Linux, we encounter various
> "warnings as errors".
> They can be fixed with small changes.
I don't like this approach at all. if github had a "reject" button I'd be
pushing it now.
updat
On Fri, 19 May 2023 04:06:47 GMT, Vladimir Ivanov wrote:
> I verified that the new test cases do trigger SR+NSR scenario.
>
> How do you test that deoptimization works as expected?
>
I have a copy of the tests in AllocationMergesTests.java in a separate file
(not included in this PR) and I ru
On Mon, 22 May 2023 17:17:26 GMT, Sean Mullan wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Use privilegedGetProperty, catch NFE following string match
>
> src/java.base/share/classes/sun/security/action/GetProper
On Mon, 22 May 2023 16:59:15 GMT, Jamil Nimeh wrote:
>> This set of enhancements extends the allowed syntax for the
>> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
>> `com.sun.security.crl.readtimeout` System properties. These properties
>> retain their current behavior
On Tue, 9 May 2023 14:59:36 GMT, Sean Mullan wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add 's' suffix to allowed syntax
>
> I think you should also apply the cert and CRL timeouts to the
> `LDAPCertStore` imp
> This set of enhancements extends the allowed syntax for the
> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
> `com.sun.security.crl.readtimeout` System properties. These properties
> retain their current behavior where a purely numeric value is interpreted in
> seconds,
This provides a solid speedup of about 3-4x over the Java implementation.
I have a vectorized version of this which uses a bunch of tricks to speed it
up, but it's complex and can still be improved. We're getting close to ramp
down, so I'm submitting this simple intrinsic so that we can get it r
On Mon, 22 May 2023 15:58:14 GMT, Sean Mullan wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add OCSP readtimeout property
>
> src/java.base/share/classes/sun/security/action/GetPropertyAction.java line
> 186:
>
On Fri, 19 May 2023 20:05:07 GMT, Jamil Nimeh wrote:
>> This set of enhancements extends the allowed syntax for the
>> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
>> `com.sun.security.crl.readtimeout` System properties. These properties
>> retain their current behavior
Add realm name to the exception message, and make it the primary exception
(retry exception added suppressed).
-
Commit messages:
- the fix
Changes: https://git.openjdk.org/jdk/pull/14086/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14086&range=00
Issue: https://bugs.o
On Wed, 17 May 2023 12:28:47 GMT, Artem Semenov wrote:
> When using the clang compiler to build OpenJDk on Linux, we encounter various
> "warnings as errors".
> They can be fixed with small changes.
I would suggest either disable warnings on per file basis or rewrite
problematic code. Disabli
On Fri, 19 May 2023 12:03:54 GMT, Matthew Donovan wrote:
> This PR implements a test to verify that a DTLS server running "out of the
> box" (i.e., DTLSv1.0 disabled in java.security) will not handshake with a
> client requesting DTLSv1.0. The test also implements the opposite: a client
> won'
On Tue, 16 May 2023 10:38:52 GMT, Darragh Clarke wrote:
> Updated instances of `toLowerCase` and `toUpperCase` in several net and io
> files to specify `Locale.ROOT` to ensure that case conversion issues don't
> occur,
>
> I didn't add any new tests but ran tier 1-3 with no issues
This pull r
On Fri, 19 May 2023 11:24:30 GMT, Michael McMahon wrote:
> Seems like a useful change and I can see how issues could arise if strings
> were stored somewhere after being upper/lower cased and then reused in a
> different locale.
>
> Is it correct to say that the assumption is these strings are
31 matches
Mail list logo
