Re: RFR: 8327182: Move serverAlias into the loop [v2]

> In method `X509Authentication::createServerPossession`, it looks unnecessary > to define variable `serverAlias` out of the for-loop. > It may be better to move `serverAlias` into that loop to narrow down the > scope. John Jiang has updated the pull request with a new target base due to a merge

Re: RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak wrote: > This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367 > > If the process does not have write permissions, the store is opened as > read-only (instead of failing). > > Please note that permissions to use a cert

Re: RFR: 8296244: Alternate implementation of user-based authorization Subject APIs that doesn’t depend on Security Manager APIs [v6]

On Tue, 5 Mar 2024 19:56:58 GMT, Weijun Wang wrote: >> This code change adds an alternative implementation of user-based >> authorization `Subject` APIs that doesn't depend on Security Manager APIs. >> Depending on if the Security Manager is allowed, the methods store the >> current subject di

Re: RFR: 8051959: Option to print thread information in java.security.debug output [v2]

On Thu, 7 Mar 2024 11:57:07 GMT, Sean Coffey wrote: >> Proposal to improve the `java.security.debug` output so that options exist >> to add thread ID, thread name, source of log record and a timestamp >> information to the output. >> >> examples: >> format without patch : >> >> >> properties

Re: RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak wrote: > This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367 > > If the process does not have write permissions, the store is opened as > read-only (instead of failing). > > Please note that permissions to use a cert

Integrated: 8325164: Named groups and signature schemes unavailable with SunPKCS11 in FIPS mode

On Mon, 12 Feb 2024 20:23:27 GMT, Daniel Jeliński wrote: > Currently the SunPKCS11 provider requires other providers in order to offer > ECDHE, FFDHE and RSA-PSS in TLS handshakes: > - FFDHE requires DiffieHellman AlgorithmParameters from SunJCE > - ECDHE requires the SunEC provider to be instal

Re: RFR: 8325164: Named groups and signature schemes unavailable with SunPKCS11 in FIPS mode [v3]

On Tue, 12 Mar 2024 20:18:37 GMT, Daniel Jeliński wrote: >> Currently the SunPKCS11 provider requires other providers in order to offer >> ECDHE, FFDHE and RSA-PSS in TLS handshakes: >> - FFDHE requires DiffieHellman AlgorithmParameters from SunJCE >> - ECDHE requires the SunEC provider to be in

Re: RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak wrote: > This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367 > > If the process does not have write permissions, the store is opened as > read-only (instead of failing). > > Please note that permissions to use a cert

Re: RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak wrote: > This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367 > > If the process does not have write permissions, the store is opened as > read-only (instead of failing). > > Please note that permissions to use a cert

Re: RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

On Wed, 13 Mar 2024 16:57:17 GMT, Mat Carter wrote: >> This fixes the defect described at >> https://bugs.openjdk.org/browse/JDK-8313367 >> >> If the process does not have write permissions, the store is opened as >> read-only (instead of failing). >> >> Please note that permissions to use a

Re: RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak wrote: > This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367 > > If the process does not have write permissions, the store is opened as > read-only (instead of failing). > > Please note that permissions to use a cert

Re: [External] : Re: New Draft of the KDF JEP for the Java Platform

On 3/13/24 08:52, Wei-Jun Wang wrote: On Mar 12, 2024, at 6:34 PM, Martin Balao wrote: As I understand it, it's not that state is not maintained but that we are keeping it on the parameters side. For example, a extraction phase call will generate a PRK that will be kept in the parameters si

Re: RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak wrote: > This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367 > > If the process does not have write permissions, the store is opened as > read-only (instead of failing). > > Please note that permissions to use a cert

Re: [External] : Re: New Draft of the KDF JEP for the Java Platform

> On Mar 12, 2024, at 6:34 PM, Martin Balao wrote: > > As I understand it, it's not that state is not maintained but that we are > keeping it on the parameters side. For example, a extraction phase call will > generate a PRK that will be kept in the parameters side for the following > expansi

Re: Improving logging in Krb5LoginModule

On 13/03/2024 01:40, Wei-Jun Wang wrote: Thinking about this raises the question: wouldn't it be possible to have these components emit Flight Recorder events as well? I understand this is a dubious topic, as some arguments contain secrets, but it would be interesting to know. Maybe restrictin