Withdrawn: 8330217: Spurious warning from jarsigner -verify when keystore with intermediate CA is used

2024-09-27 Thread duke
On Thu, 13 Jun 2024 14:01:55 GMT, Weijun Wang wrote: > There is an error in `jarsigner` on the "This JAR contains signed entries > that aren't signed by alias in this keystore" warning. The exit code is > determined by > [`notSignedByAlias`](https://github.com/openjdk/jdk/blob/0a60b0f99efb38d2

RFR: 8341059: Change Entrust TLS distrust date to November 12, 2024

2024-09-27 Thread Rajan Halade
Please review this change to distrust TLS server certificates issued after November 11, 2024 and anchored by Entrust Root CAs. This is a follow up fix after JDK-8337664 to update only the distrust date. TLS server certificates issued before this date will continue to be valid until they expire.

Re: RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v9]

2024-09-27 Thread Artur Barashev
On Fri, 27 Sep 2024 19:30:52 GMT, Daniel Jeliński wrote: >> You mean the `packet` buffer? No, it has 2 bytes remaining as it should. > > I was referring to `srcs[srcOffset]`; `packet` is a duplicate, so the > position is independent from the original. No, the position was already advanced in `d

Re: RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v9]

2024-09-27 Thread Daniel Jeliński
On Fri, 27 Sep 2024 19:19:56 GMT, Artur Barashev wrote: >> src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 144: >> >>> 142: } >>> 143: >>> 144: plaintexts = new Plaintext[]{ >> >> do we need to advance the position of the input buffer

Re: RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v9]

2024-09-27 Thread Artur Barashev
On Fri, 27 Sep 2024 18:56:49 GMT, Daniel Jeliński wrote: >> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Use 'useTLS13PlusSpec()' instead of comparing the version to TLS13. This >> improves the odds that we won't need

Re: RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v9]

2024-09-27 Thread Daniel Jeliński
On Wed, 25 Sep 2024 20:01:53 GMT, Artur Barashev wrote: >> https://bugs.openjdk.org/browse/JDK-8331682 > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Use 'useTLS13PlusSpec()' instead of comparing the version to TLS13. Th

RFR: 8339403: sun.security.ssl.StatusResponseManager.get swallows interrupt status

2024-09-27 Thread Jamil Nimeh
This PR corrects a flaw in the StatusResponseManager where it was incorrectly swallowing the interrupt status when either an invokeAll was called (spawning the threads to fetch each OCSP response) or when attempting to grab the data from one of the Futures returned from the fetches. Additionally

Re: RFR: 8341057: Add 2 SSL.com TLS roots

2024-09-27 Thread Sean Mullan
On Thu, 26 Sep 2024 21:34:56 GMT, Rajan Halade wrote: > This PR is to add two new TLS root certificates from SSL.com. This CA has > gone through > https://www.oracle.com/java/technologies/javase/carootcertsprogram.html > process. > > > The release-note is at > [JDK-8341062](https://bugs.ope

Integrated: 8341059: Change Entrust TLS distrust date to November 12, 2024

2024-09-27 Thread Rajan Halade
On Fri, 27 Sep 2024 16:22:04 GMT, Rajan Halade wrote: > Please review this change to distrust TLS server certificates issued after > November 11, 2024 and anchored by Entrust Root CAs. This is a follow up fix > after JDK-8337664 to update only the distrust date. TLS server certificates > issue

Integrated: 8341057: Add 2 SSL.com TLS roots

2024-09-27 Thread Rajan Halade
On Thu, 26 Sep 2024 21:34:56 GMT, Rajan Halade wrote: > This PR is to add two new TLS root certificates from SSL.com. This CA has > gone through > https://www.oracle.com/java/technologies/javase/carootcertsprogram.html > process. > > > The release-note is at > [JDK-8341062](https://bugs.ope

Re: RFR: 8341059: Change Entrust TLS distrust date to November 12, 2024

2024-09-27 Thread Sean Mullan
On Fri, 27 Sep 2024 16:22:04 GMT, Rajan Halade wrote: > Please review this change to distrust TLS server certificates issued after > November 11, 2024 and anchored by Entrust Root CAs. This is a follow up fix > after JDK-8337664 to update only the distrust date. TLS server certificates > issue

RFR: 8341057: Add 2 SSL.com TLS roots

2024-09-27 Thread Rajan Halade
This PR is to add two new TLS root certificates from SSL.com. This CA has gone through https://www.oracle.com/java/technologies/javase/carootcertsprogram.html process. The release-note is at [JDK-8341062](https://bugs.openjdk.org/browse/JDK-8341062) - Commit messages: - remove c

Re: RFR: 8309841: Jarsigner should print a warning if an entry is removed [v5]

2024-09-27 Thread Weijun Wang
On Fri, 27 Sep 2024 14:17:54 GMT, Sean Mullan wrote: >> Actually, I see the output will also contain the message "Re-run with the >> -verbose and -certs options for more details." so I take back my comment >> above. > > For this summary message, I suggest we be a bit more descriptive like in >

Re: RFR: 8309841: Jarsigner should print a warning if an entry is removed [v6]

2024-09-27 Thread Weijun Wang
> There ~are two~ is one change~s~: > > 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and > print them out as > > Warning: nonexistent signed entries detected: [a] > > ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed > file entries.~ > >

Re: RFR: 8309841: Jarsigner should print a warning if an entry is removed [v5]

2024-09-27 Thread Sean Mullan
On Fri, 27 Sep 2024 14:01:18 GMT, Sean Mullan wrote: >> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java >> line 182: >> >>> 180: {"key.bit.eccurve.disabled", "%1$d-bit %2$s key (disabled)"}, >>> 181: {"unknown.size", "unknown size"}, >>> 182: {"

Re: RFR: 8340327: A common framework to support public key algorithms with standard parameter sets [v5]

2024-09-27 Thread Weijun Wang
> To prepare for new PQC algorithms like ML-KEM and ML-DSA where there are only > named standardized parameter sets, a common framework is introduced. > > An example of EdDSA implementation using this framework is included as a test. Weijun Wang has updated the pull request incrementally with one

Re: RFR: 8309841: Jarsigner should print a warning if an entry is removed [v5]

2024-09-27 Thread Sean Mullan
On Fri, 27 Sep 2024 13:49:57 GMT, Sean Mullan wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> expected result should be the 1st argument > > src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java

Re: RFR: 8309841: Jarsigner should print a warning if an entry is removed [v5]

2024-09-27 Thread Sean Mullan
On Thu, 19 Sep 2024 12:06:57 GMT, Weijun Wang wrote: >> There ~are two~ is one change~s~: >> >> 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and >> print them out as >> >> Warning: nonexistent signed entries detected: [a] >> >> ~2. In `JarSigner::sign0`, when creat