Withdrawn: 8334365: Problemlist CAInterop.java#microsoftecc2017

2024-06-23 Thread Christoph Langer
On Mon, 17 Jun 2024 08:01:39 GMT, Christoph Langer wrote: > Exclude CAInterop.java#microsoftecc2017 because it generates lots of noise in > CI. This pull request has been closed without being integrated. - PR: https://git.openjdk.org/jdk/pull/19741

Re: RFR: 8334365: Problemlist CAInterop.java#microsoftecc2017

2024-06-23 Thread Christoph Langer
On Mon, 17 Jun 2024 08:01:39 GMT, Christoph Langer wrote: > Exclude CAInterop.java#microsoftecc2017 because it generates lots of noise in > CI. Closing in favor of https://bugs.openjdk.org/browse/JDK-8334441 - PR Comment: https://git.openjdk.org/jdk/pull/19741#issuec

Re: RFR: 8334202: Exclude CAInterop.java#sslrooteccca,sslrootevrsaca

2024-06-23 Thread Christoph Langer
On Thu, 13 Jun 2024 09:25:11 GMT, Christoph Langer wrote: > Let's exclude these CAInterop tests until the problem is fixed. Closing in favor of https://bugs.openjdk.org/browse/JDK-8334441 - PR Comment: https://git.openjdk.org/jdk/pull/19690#issuecomment-2185711351

Withdrawn: 8334202: Exclude CAInterop.java#sslrooteccca, sslrootevrsaca

2024-06-23 Thread Christoph Langer
On Thu, 13 Jun 2024 09:25:11 GMT, Christoph Langer wrote: > Let's exclude these CAInterop tests until the problem is fixed. This pull request has been closed without being integrated. - PR: https://git.openjdk.org/jdk/pull/19690

Re: [jdk23] RFR: 8334441: Mark tests in jdk_security_infra group as manual

2024-06-22 Thread Christoph Langer
> The commit being backported was authored by Rajan Halade on 21 Jun 2024 and > was reviewed by Christoph Langer and Sean Mullan. > > Thanks! Thanks for doing the backport. - Marked as reviewed by clanger (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/19841#pullrequestreview-2133855195

Withdrawn: 8334201: Exclude CAInterop.java#certignarootca

2024-06-21 Thread Christoph Langer
On Thu, 13 Jun 2024 09:05:07 GMT, Christoph Langer wrote: > The test is failing currently and the JBS issue could not be resolved since > about a month, so let's exclude the test for now. This pull request has been closed without being integrated. - PR: https://git.

Re: RFR: 8334201: Exclude CAInterop.java#certignarootca

2024-06-21 Thread Christoph Langer
On Thu, 13 Jun 2024 09:05:07 GMT, Christoph Langer wrote: > The test is failing currently and the JBS issue could not be resolved since > about a month, so let's exclude the test for now. Withdrawing in favor of #19814 ([JDK-8334441](https://bugs.openjdk.org/browse/

Re: RFR: 8334441: Mark tests in jdk_security_infra group as manual

2024-06-21 Thread Christoph Langer
On Thu, 20 Jun 2024 18:35:00 GMT, Rajan Halade wrote: > Updated all the tests that depend on external infrastructure services as > manual. These tests may fail with external reasons, for instance - change in > CA test portal, certificate status updates, or network issues. Looks good, although

Re: RFR: 8334201: Exclude CAInterop.java#certignarootca

2024-06-19 Thread Christoph Langer
On Thu, 13 Jun 2024 09:05:07 GMT, Christoph Langer wrote: > The test is failing currently and the JBS issue could not be resolved since > about a month, so let's exclude the test for now. Any updates? If not, I would like to integrate this after end of this week... -

Re: RFR: 8334202: Exclude CAInterop.java#sslrooteccca,sslrootevrsaca

2024-06-19 Thread Christoph Langer
On Thu, 13 Jun 2024 09:25:11 GMT, Christoph Langer wrote: > Let's exclude these CAInterop tests until the problem is fixed. I'll integrate this if we don't hear back from the CA by the end of the week. - PR Comment: https://git.openjdk.org/jdk/pull/19690#issuecomment-2179010698

Re: RFR: 8333938: Exclude CAInterop.java#digicerttlsrsarootg5

2024-06-19 Thread Christoph Langer
On Thu, 13 Jun 2024 12:32:58 GMT, SendaoYan wrote: > Hi all, > Test > `security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlsrsarootg5` > report failure as failed to validate, before the validate issue has been > fixed, should we problem list the testcase.

Re: RFR: 8334106: Problemlist CAInterop.java#quovadisrootca1g3 due to JDK-8334105 [v2]

2024-06-19 Thread Christoph Langer
On Fri, 14 Jun 2024 00:58:30 GMT, SendaoYan wrote: >> Thanks for the approved. > >> @sendaoYan As a best practice, it would be useful to first understand why >> the test is not working before putting it on the ProblemList. Depending on >> the severity of the problem that is not always possible,

Re: RFR: 8334365: Problemlist CAInterop.java#microsoftecc2017

2024-06-17 Thread Christoph Langer
On Mon, 17 Jun 2024 08:01:39 GMT, Christoph Langer wrote: > Exclude CAInterop.java#microsoftecc2017 because it generates lots of noise in > CI. @rhalade Please also have a look at this one. Thank you! - PR Comment: https://git.openjdk.org/jdk/pull/19741#issuecomment-2172587640

RFR: 8334365: Problemlist CAInterop.java#microsoftecc2017

2024-06-17 Thread Christoph Langer
Exclude CAInterop.java#microsoftecc2017 because it generates lots of noise in CI. - Commit messages: - JDK-8334365 Changes: https://git.openjdk.org/jdk/pull/19741/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19741&range=00 Issue: https://bugs.openjdk.org/browse/JDK-83

Re: RFR: 8334202: Exclude CAInterop.java#sslrooteccca,sslrootevrsaca

2024-06-17 Thread Christoph Langer
On Thu, 13 Jun 2024 09:25:11 GMT, Christoph Langer wrote: > Let's exclude these CAInterop tests until the problem is fixed. @rhalade could you please bless this exclusion quickly since it pops up in tests of all our codelines every day... - PR Comment: https://git.openjdk

Re: RFR: 8334201: Exclude CAInterop.java#certignarootca

2024-06-17 Thread Christoph Langer
On Thu, 13 Jun 2024 09:05:07 GMT, Christoph Langer wrote: > The test is failing currently and the JBS issue could not be resolved since > about a month, so let's exclude the test for now. @rhalade could you please bless this exclusion now since it pops up in tests of all our code

Re: [jdk23] RFR: 8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1

2024-06-14 Thread Christoph Langer
On Thu, 13 Jun 2024 13:07:23 GMT, Christoph Langer wrote: > Hi all, > > This pull request contains a backport of > [JDK-8333724](https://bugs.openjdk.org/browse/JDK-8333724), commit > [8ffc35d1](https://github.com/openjdk/jdk/commit/8ffc35d117846a7a2aa08afed662273d2f8877

[jdk23] Integrated: 8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1

2024-06-13 Thread Christoph Langer
On Thu, 13 Jun 2024 13:07:23 GMT, Christoph Langer wrote: > Hi all, > > This pull request contains a backport of > [JDK-8333724](https://bugs.openjdk.org/browse/JDK-8333724), commit > [8ffc35d1](https://github.com/openjdk/jdk/commit/8ffc35d117846a7a2aa08afed662273d2f8877

Re: [jdk23] RFR: 8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1

2024-06-13 Thread Christoph Langer
On Thu, 13 Jun 2024 13:07:23 GMT, Christoph Langer wrote: > Hi all, > > This pull request contains a backport of > [JDK-8333724](https://bugs.openjdk.org/browse/JDK-8333724), commit > [8ffc35d1](https://github.com/openjdk/jdk/commit/8ffc35d117846a7a2aa08afed662273d2f8877

Re: RFR: 8334106: Problemlist CAInterop.java#quovadisrootca1g3 due to JDK-8334105 [v2]

2024-06-13 Thread Christoph Langer
On Thu, 13 Jun 2024 12:21:23 GMT, SendaoYan wrote: >> Hi all, >> Test >> `security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca1g3` >> report failure as `failed to validate`, before the validate issue has been >> fixed, should we problem list the te

[jdk23] RFR: 8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1

2024-06-13 Thread Christoph Langer
Hi all, This pull request contains a backport of [JDK-8333724](https://bugs.openjdk.org/browse/JDK-8333724), commit [8ffc35d1](https://github.com/openjdk/jdk/commit/8ffc35d117846a7a2aa08afed662273d2f887770) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository. The commit being backpo

Re: RFR: 8334201: Exclude CAInterop.java#certignarootca

2024-06-13 Thread Christoph Langer
On Thu, 13 Jun 2024 11:55:34 GMT, Sean Mullan wrote: > Please wait for @rhalade to review. Will do. There's also #19685 and #19690. These are somewhat annoying and I'd prefer if we could exclude them for the time being. - PR Comment: https://git.openjdk.org/jdk/pull/19689#issuecom

RFR: 8334202: Exclude CAInterop.java#sslrooteccca,sslrootevrsaca

2024-06-13 Thread Christoph Langer
Let's exclude these CAInterop tests until the problem is fixed. - Commit messages: - JDK-8334202 Changes: https://git.openjdk.org/jdk/pull/19690/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19690&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8334202 Stats: 2 li

Re: RFR: 8334106: Problemlist CAInterop.java#quovadisrootca1g3 due to JDK-8334105

2024-06-13 Thread Christoph Langer
On Thu, 13 Jun 2024 01:20:55 GMT, SendaoYan wrote: > Hi all, > Test > `security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca1g3` > report failure as `failed to validate`, before the validate issue has been > fixed, should we problem list the testcas

RFR: 8334201: Exclude CAInterop.java#certignarootca

2024-06-13 Thread Christoph Langer
The test is failing currently and the JBS issue could not be resolved since about a month, so let's exclude the test for now. - Commit messages: - JDK-8334201 Changes: https://git.openjdk.org/jdk/pull/19689/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19689&range=00 I

Re: RFR: 8334106: Problemlist CAInterop.java#quovadisrootca1g3 due to JDK-8334105

2024-06-13 Thread Christoph Langer
On Thu, 13 Jun 2024 01:20:55 GMT, SendaoYan wrote: > Hi all, > Test > `security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca1g3` > report failure as `failed to validate`, before the validate issue has been > fixed, should we problem list the testcas

Integrated: 8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE

2024-02-17 Thread Christoph Langer
On Thu, 15 Feb 2024 22:32:58 GMT, Christoph Langer wrote: > The experimental SunJSSE FIPS compliant mode was removed in JDK13 with > [JDK-8217835](https://bugs.openjdk.org/browse/JDK-8217835). > It seems the removal of some comments had been missed at that time. This > could be i

Re: RFR: 8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE [v2]

2024-02-16 Thread Christoph Langer
> The experimental SunJSSE FIPS compliant mode was removed in JDK13 with > [JDK-8217835](https://bugs.openjdk.org/browse/JDK-8217835). > It seems the removal of some comments had been missed at that time. This > could be irritating to readers of the code. Christoph Langer has upda

Re: RFR: 8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE

2024-02-16 Thread Christoph Langer
On Fri, 16 Feb 2024 04:24:06 GMT, Anthony Scarpino wrote: > You will need to update the copyright on the file. Right. Updated. - PR Comment: https://git.openjdk.org/jdk/pull/17885#issuecomment-1947979882

RFR: 8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE

2024-02-15 Thread Christoph Langer
The experimental SunJSSE FIPS compliant mode was removed in JDK13 with [JDK-8217835](https://bugs.openjdk.org/browse/JDK-8217835). It seems the removal of some comments had been missed at that time. This could be irritating to readers of the code. - Commit messages: - JDK-8326000

Re: RFR: JDK-8316341: sun/security/pkcs11/PKCS11Test.java needs adjustment on Linux ppc64le Ubuntu 22

2023-09-15 Thread Christoph Langer
On Fri, 15 Sep 2023 08:21:00 GMT, Matthias Baesken wrote: > Currently sun/security/pkcs11/PKCS11Test.java needs adjustment on Linux > ppc64le Ubuntu 22, it does not find the NSS libs because the new file system > locations are not handled, unlike on Linux x86_64 . Marked as reviewed by clanger

Re: RFR: JDK-8315644: increase timeout of sun/security/tools/jarsigner/Warning.java

2023-09-04 Thread Christoph Langer
On Mon, 4 Sep 2023 13:09:08 GMT, Matthias Baesken wrote: > on some slow machines, sun/security/tools/jarsigner/Warning.java runs > sometimes into timeouts (with fastdebug binaries). > So the current timeout of the test should be increased. Marked as reviewed by clanger (Reviewer).

[jdk21] Integrated: 8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails

2023-08-03 Thread Christoph Langer
On Wed, 2 Aug 2023 06:42:29 GMT, Christoph Langer wrote: > Hi all, > > This pull request contains a backport of > [JDK-8309088](https://bugs.openjdk.org/browse/JDK-8309088), commit > [4c2e54fb](https://github.com/openjdk/jdk/commit/4c2e54fb055bee0af5cd838fdd32a0f7902d51

[jdk21] RFR: 8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails

2023-08-01 Thread Christoph Langer
Hi all, This pull request contains a backport of [JDK-8309088](https://bugs.openjdk.org/browse/JDK-8309088), commit [4c2e54fb](https://github.com/openjdk/jdk/commit/4c2e54fb055bee0af5cd838fdd32a0f7902d51e3) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository. The commit being backpo

Re: [jdk21] RFR: 8310549: avoid potential leaks in KeystoreImpl.m related to JNU_CHECK_EXCEPTION early returns

2023-07-04 Thread Christoph Langer
On Fri, 30 Jun 2023 12:28:43 GMT, Matthias Baesken wrote: > 8310549: avoid potential leaks in KeystoreImpl.m related to > JNU_CHECK_EXCEPTION early returns Marked as reviewed by clanger (Reviewer). - PR Review: https://git.openjdk.org/jdk21/pull/86#pullrequestreview-1512250194

Re: RFR: JDK-8309340: Provide sctpHandleSocketErrorWithMessage

2023-06-05 Thread Christoph Langer
On Fri, 2 Jun 2023 08:03:01 GMT, Matthias Baesken wrote: > There are cases in the sctp coding where a function > sctpHandleSocketErrorWithMessage would be beneficial (similar to existing > handleSocketErrorWithMessage) to provide more detail what failed. > > Additionally sctpHandleSocketErrorW

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-06-05 Thread Christoph Langer
On Fri, 19 May 2023 12:19:56 GMT, Christoph Langer wrote: >> With this PR we try to be better in loading certificates from the MacOS >> Keychain into a JDK Trust store. >> >> The current implementation after JDK-8278449 would only load/trust >> certificates from

Integrated: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates

2023-06-05 Thread Christoph Langer
On Thu, 11 May 2023 21:38:35 GMT, Christoph Langer wrote: > With this PR we try to be better in loading certificates from the MacOS > Keychain into a JDK Trust store. > > The current implementation after JDK-8278449 would only load/trust > certificates from an identity (w

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-06-03 Thread Christoph Langer
On Sat, 27 May 2023 22:47:53 GMT, Weijun Wang wrote: >> Christoph Langer has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Remove another obsolete comment > > I think you can finalize the CSR now. @wangweij

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-30 Thread Christoph Langer
On Sat, 27 May 2023 22:47:53 GMT, Weijun Wang wrote: > I think you can finalize the CSR now. Thx for the hint, done. - PR Comment: https://git.openjdk.org/jdk/pull/13945#issuecomment-1568048939

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-23 Thread Christoph Langer
On Tue, 23 May 2023 17:05:13 GMT, Weijun Wang wrote: > I've started the CSR at https://bugs.openjdk.org/browse/JDK-8308690. Please > edit if there is any issue. At the same time, please write a release note. > See https://openjdk.org/guide/#release-notes for the process. Thanks. I've created a

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-23 Thread Christoph Langer
On Tue, 23 May 2023 13:50:48 GMT, Weijun Wang wrote: > The code change looks fine to me. Thanks. > > Since this is rather a big behavior change, I think a CSR and a release note > are required. The previous release note on this is at > https://www.oracle.com/java/technologies/javase/19-relnote

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-22 Thread Christoph Langer
On Mon, 22 May 2023 22:43:18 GMT, Weijun Wang wrote: >> This handles the case, when a certificate is in both, the login (user) and >> system keychain. > > How do you know "the existing entry must have the same properties and trust > settings"? Trust settings are stored per certificate. That is

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-21 Thread Christoph Langer
On Fri, 19 May 2023 20:28:42 GMT, Weijun Wang wrote: > Since you removed the key usage checks, can you update the PR description > please? Done. > src/java.base/macosx/classes/apple/security/KeychainStore.java line 808: > >> 806: // Check whether a certificate with same alias alre

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v6]

2023-05-19 Thread Christoph Langer
ficates that should be trusted > from "security dump-trust-settings" are contained in the keystore and those > that should be disallowed are absent. Christoph Langer has updated the pull request incrementally with one additional commit since the last revision: Remove another obsole

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v5]

2023-05-19 Thread Christoph Langer
ficates that should be trusted > from "security dump-trust-settings" are contained in the keystore and those > that should be disallowed are absent. Christoph Langer has updated the pull request incrementally with one additional commit since the last revision: Remove further unnecessa

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v4]

2023-05-19 Thread Christoph Langer
ficates that should be trusted > from "security dump-trust-settings" are contained in the keystore and those > that should be disallowed are absent. Christoph Langer has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrel

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-19 Thread Christoph Langer
On Thu, 18 May 2023 00:00:58 GMT, Weijun Wang wrote: > Before your new change, such a certificate is not trusted, because > `SecTrustSettingsCopyTrustSettings` returns `errSecItemNotFound` so > `jm_createTrustedCertEntry` is not called at all. > > I am not sure if such a certificate is meant t

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Christoph Langer
On Wed, 17 May 2023 12:42:32 GMT, Matthias Baesken wrote: >> Christoph Langer has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Check return code of SecTrustSettingsCopyTrustSettings and address review >&

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Christoph Langer
On Wed, 17 May 2023 20:49:34 GMT, Weijun Wang wrote: > No matter what `SecTrustSettingsCopyTrustSettings` returns, you will always > call `jm_createTrustedCertEntry`. This means if I add a self-signed > certificate but has not added any trusted settings onto it, it will be always > trusted. Is

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Christoph Langer
On Wed, 17 May 2023 17:34:42 GMT, Sean Mullan wrote: > Please don't integrate this until I or someone from my team reviews it. > Thanks. Sure. - PR Comment: https://git.openjdk.org/jdk/pull/13945#issuecomment-1552088991

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates

2023-05-17 Thread Christoph Langer
On Wed, 17 May 2023 07:36:33 GMT, Matthias Baesken wrote: > Yes this seems to be the case. Could you maybe add a one liner comment to > libosxsecurity/KeystoreImpl.m (near to the user and admin domain handling) > summarizing what you said? And I still prefer checking the return values of > the

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Christoph Langer
ficates that should be trusted > from "security dump-trust-settings" are contained in the keystore and those > that should be disallowed are absent. Christoph Langer has updated the pull request incrementally with one additional commit since the last revision: Check return code o

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates

2023-05-17 Thread Christoph Langer
On Tue, 16 May 2023 07:46:37 GMT, Matthias Baesken wrote: > Hi Christoph, I do not see any reference to kSecTrustSettingsDomainSystem in > your coding. Handling at least kSecTrustSettingsDomainUser and > kSecTrustSettingsDomainAdmin is good but I am not sure about > kSecTrustSettingsDomainSyst

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v2]

2023-05-16 Thread Christoph Langer
ficates that should be trusted > from "security dump-trust-settings" are contained in the keystore and those > that should be disallowed are absent. Christoph Langer has updated the pull request incrementally with one additional commit since the last revision: Add some more initializa

RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates

2023-05-11 Thread Christoph Langer
With this PR we try to be better in loading certificates from the MacOS Keychain into a JDK Trust store. The current implementation after JDK-8278449 would only load/trust certificates from an identity (with private key available) and certificates that have explicit trust set in the user domain

Re: RFR: JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return

2023-02-28 Thread Christoph Langer
On Tue, 28 Feb 2023 15:17:19 GMT, Matthias Baesken wrote: > We have a (potential) early return in addCertificatesToKeystore in > KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this > missed a CFRelease call. Makes sense. - Marked as reviewed by clanger (Rev