Integrated: 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts

2023-05-23 Thread Jamil Nimeh
On Tue, 2 May 2023 21:12:31 GMT, Jamil Nimeh wrote: > This set of enhancements extends the allowed syntax for the > `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and > `com.sun.security.crl.readtimeout` System properties. These properties > retain their current behavior wher

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-23 Thread Christoph Langer
On Tue, 23 May 2023 17:05:13 GMT, Weijun Wang wrote: > I've started the CSR at https://bugs.openjdk.org/browse/JDK-8308690. Please > edit if there is any issue. At the same time, please write a release note. > See https://openjdk.org/guide/#release-notes for the process. Thanks. I've created a

Integrated: 8301154: SunPKCS11 KeyStore deleteEntry results in dangling PrivateKey entries

2023-05-23 Thread Valerie Peng
On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng wrote: > Could someone help review this PKCS11KeyStore fix regarding the cert chain > removal? > > The proposed fix will not remove the cert if it has a corresponding private > key or is an issuer of other entities in the same keystore. > > Thanks

Re: RFR: JDK-8307794 Test for HSS/LMS Signature Verification [v5]

2023-05-23 Thread Hai-May Chao
On Tue, 23 May 2023 17:14:42 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8307794 > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > change class names and fix nit Test VerifyHSSLMSSignedJar.java looks good.

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v5]

2023-05-23 Thread Martin Balao
> We would like to propose an implementation for the [JDK-8301553: Support > Password-Based Cryptography in > SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement > requirement. > > In addition to pursuing the requirement goals and guidelines of > [JDK-8301553](https://bugs.open

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v3]

2023-05-23 Thread Weijun Wang
On Tue, 23 May 2023 18:55:46 GMT, Martin Balao wrote: >> Hmm, so you are aware of a provider whose Key.getEncoded() impl returns the >> internal key bytes directly? Although the javadoc does NOT state a copy is >> being returned, it's very likely because an "encoding" is returned. If >> intern

Re: RFR: JDK-8307794 Test for HSS/LMS Signature Verification [v5]

2023-05-23 Thread Sean Mullan
On Tue, 23 May 2023 17:14:42 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8307794 > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > change class names and fix nit test/jdk/sun/security/provider/hss/TestHSSLM

Re: RFR: 8301154: SunPKCS11 KeyStore deleteEntry results in dangling PrivateKey entries [v2]

2023-05-23 Thread Valerie Peng
On Fri, 12 May 2023 02:23:17 GMT, Valerie Peng wrote: >> Could someone help review this PKCS11KeyStore fix regarding the cert chain >> removal? >> >> The proposed fix will not remove the cert if it has a corresponding private >> key or is an issuer of other entities in the same keystore. >> >

Re: RFR: JDK-8307794 Test for HSS/LMS Signature Verification [v5]

2023-05-23 Thread Sean Mullan
On Tue, 23 May 2023 17:14:42 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8307794 > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > change class names and fix nit test/micro/org/openjdk/bench/java/security/H

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v3]

2023-05-23 Thread Martin Balao
On Mon, 22 May 2023 22:18:13 GMT, Valerie Peng wrote: >> We discussed this change with @franferrax and have some concerns. The method >> Key::getEncoded does not document that a copy will be returned, and this >> would change the current behavior and affect non-PBE cases. In practical >> terms

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v19]

2023-05-23 Thread Xue-Lei Andrew Fan
On Mon, 22 May 2023 19:41:25 GMT, Kevin Driver wrote: >> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985) > > Kevin Driver has updated the pull request with a new target base due to a > merge or a rebase. The incremental webrev excludes the unrelated changes > brought in by the

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v19]

2023-05-23 Thread Xue-Lei Andrew Fan
On Tue, 23 May 2023 16:48:52 GMT, Kevin Driver wrote: >> test/jdk/sun/security/ssl/SSLEngineImpl/TestBadDNForPeerCA.java line 27: >> >>> 25: * @test >>> 26: * @library /test/lib >>> 27: * @summary verify correct exception handling in the event of an >>> unparseable >> >> Missing @bug field.

Re: RFR: JDK-8307794 Test for HSS/LMS Signature Verification [v3]

2023-05-23 Thread Mark Powers
On Tue, 23 May 2023 10:49:17 GMT, Ferenc Rakoczi wrote: >> Mark Powers has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Ferenc: comments 1 and 2 > > test/jdk/sun/security/provider/lms/TestLMS.java line 59: > >> 57: for (TestCase

Re: RFR: JDK-8287061: Support for rematerializing scalar replaced objects participating in allocation merges [v13]

2023-05-23 Thread Vladimir Ivanov
On Tue, 23 May 2023 16:36:32 GMT, Cesar Soares Lucas wrote: > Are you suggesting to implement it as ScopeDesc::is_root(ScopeValue* sv) and > the body of the method would just check if the sv is referenced in > locals/expressions/monitor? Did I get it right? I didn't propose exactly that, but

Re: RFR: JDK-8307794 Test for HSS/LMS Signature Verification [v5]

2023-05-23 Thread Mark Powers
> https://bugs.openjdk.org/browse/JDK-8307794 Mark Powers has updated the pull request incrementally with one additional commit since the last revision: change class names and fix nit - Changes: - all: https://git.openjdk.org/jdk/pull/13940/files - new: https://git.openjdk.or

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-23 Thread Weijun Wang
On Fri, 19 May 2023 12:19:56 GMT, Christoph Langer wrote: >> With this PR we try to be better in loading certificates from the MacOS >> Keychain into a JDK Trust store. >> >> The current implementation after JDK-8278449 would only load/trust >> certificates from an identity (with private key a

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v19]

2023-05-23 Thread Kevin Driver
On Tue, 23 May 2023 15:09:39 GMT, Bradford Wetmore wrote: >> Kevin Driver has updated the pull request with a new target base due to a >> merge or a rebase. The incremental webrev excludes the unrelated changes >> brought in by the merge/rebase. The pull request contains 17 additional >> commi

Re: RFR: JDK-8287061: Support for rematerializing scalar replaced objects participating in allocation merges [v13]

2023-05-23 Thread Cesar Soares Lucas
On Mon, 22 May 2023 17:56:41 GMT, Cesar Soares Lucas wrote: > Speaking of _only_merge_candidate flag, I find it easier about the code when > the property being tracked is whether the ObjectValue is referenced from > corresponding JVM state or not. (Maybe call it is_root()?) So, > ScopeDesc::o

Re: RFR: JDK-8307794 Test for HSS/LMS Signature Verification [v4]

2023-05-23 Thread Mark Powers
> https://bugs.openjdk.org/browse/JDK-8307794 Mark Powers has updated the pull request incrementally with one additional commit since the last revision: Ferenc: comment 3 - Changes: - all: https://git.openjdk.org/jdk/pull/13940/files - new: https://git.openjdk.org/jdk/pull/13

Integrated: 8308016: Use snippets in java.io package

2023-05-23 Thread Brian Burkhalter
On Fri, 12 May 2023 16:17:38 GMT, Brian Burkhalter wrote: > Replace `{@code ...}` patterns and the like with `{@snippet > lang=java : ...}`. This pull request has now been integrated. Changeset: 710453c6 Author: Brian Burkhalter URL: https://git.openjdk.org/jdk/commit/710453c676712d

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-23 Thread Christoph Langer
On Tue, 23 May 2023 13:50:48 GMT, Weijun Wang wrote: > The code change looks fine to me. Thanks. > > Since this is rather a big behavior change, I think a CSR and a release note > are required. The previous release note on this is at > https://www.oracle.com/java/technologies/javase/19-relnote

Re: RFR: 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts [v5]

2023-05-23 Thread Sean Mullan
On Mon, 22 May 2023 21:55:12 GMT, Jamil Nimeh wrote: >> This set of enhancements extends the allowed syntax for the >> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and >> `com.sun.security.crl.readtimeout` System properties. These properties >> retain their current behavior

Integrated: 8305091: Change ChaCha20 cipher init behavior to match AES-GCM

2023-05-23 Thread Jamil Nimeh
On Tue, 11 Apr 2023 17:26:25 GMT, Jamil Nimeh wrote: > This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and > ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher was > in DECRYPT_MODE. For decryption, this should be allowed and be consistent > wit

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v3]

2023-05-23 Thread Sean Mullan
On Sat, 20 May 2023 01:20:20 GMT, Martin Balao wrote: >> Martin Balao has updated the pull request with a new target base due to a >> merge or a rebase. The incremental webrev excludes the unrelated changes >> brought in by the merge/rebase. The pull request contains three additional >> commit

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v19]

2023-05-23 Thread Bradford Wetmore
On Mon, 22 May 2023 19:41:25 GMT, Kevin Driver wrote: >> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985) > > Kevin Driver has updated the pull request with a new target base due to a > merge or a rebase. The incremental webrev excludes the unrelated changes > brought in by the

Re: RFR: JDK-8307794 Test for HSS/LMS Signature Verification [v3]

2023-05-23 Thread Ferenc Rakoczi
On Tue, 23 May 2023 00:36:26 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8307794 > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > Ferenc: comments 1 and 2 The code looks good to me now. I still suggest to

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-23 Thread Weijun Wang
On Tue, 23 May 2023 06:52:01 GMT, Christoph Langer wrote: >> How do you know "the existing entry must have the same properties and trust >> settings"? > > Trust settings are stored per certificate. That is, when you do `security > add-trusted-cert`, you have to pass a certificate that the entry

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-23 Thread Weijun Wang
On Fri, 19 May 2023 12:19:56 GMT, Christoph Langer wrote: >> With this PR we try to be better in loading certificates from the MacOS >> Keychain into a JDK Trust store. >> >> The current implementation after JDK-8278449 would only load/trust >> certificates from an identity (with private key a