On Thu, 24 Apr 2025 17:57:33 GMT, Artur Barashev wrote:
> I wasn't able to reproduce the issue. Most likely it was caused by unusually
> high CPU load in test environment. Increasing the server's "accept" call
> time-out value from 5 to 10 seconds to make the test more robust.
The changes look
On Thu, 3 Apr 2025 16:31:39 GMT, Jamil Nimeh wrote:
> This fix addresses a performance regression found on some aarch64 processors,
> namely the Apple M1, when we moved to a quarter round parallel implementation
> in JDK-8349106. After making some improvements in the orderi
ments when moving to the quarter round
> parallel implementation.
>
> There is a spreadsheet attached to the JBS bug that shows 3 different
> implementations relative to the current (QR-parallel with no interleaving)
> implementation on 3 different ARM64 processors. Comparative benchm
On Fri, 18 Apr 2025 01:11:48 GMT, Jamil Nimeh wrote:
>> This fix addresses a performance regression found on some aarch64
>> processors, namely the Apple M1, when we moved to a quarter round parallel
>> implementation in JDK-8349106. After making some improvements in the
ments when moving to the quarter round
> parallel implementation.
>
> There is a spreadsheet attached to the JBS bug that shows 3 different
> implementations relative to the current (QR-parallel with no interleaving)
> implementation on 3 different ARM64 processors. Comparative benchm
ments when moving to the quarter round
> parallel implementation.
>
> There is a spreadsheet attached to the JBS bug that shows 3 different
> implementations relative to the current (QR-parallel with no interleaving)
> implementation on 3 different ARM64 processors. Comparative benchm
On Fri, 4 Apr 2025 14:35:59 GMT, Andrew Haley wrote:
>> This fix addresses a performance regression found on some aarch64
>> processors, namely the Apple M1, when we moved to a quarter round parallel
>> implementation in JDK-8349106. After making some improvements in the
>> ordering of the in
On Thu, 3 Apr 2025 16:31:39 GMT, Jamil Nimeh wrote:
> This fix addresses a performance regression found on some aarch64 processors,
> namely the Apple M1, when we moved to a quarter round parallel implementation
> in JDK-8349106. After making some improvements in the orderi
This fix addresses a performance regression found on some aarch64 processors,
namely the Apple M1, when we moved to a quarter round parallel implementation
in JDK-8349106. After making some improvements in the ordering of the
instructions in the 20-round loop we found that going back to a block
On Thu, 13 Mar 2025 01:15:03 GMT, Anthony Scarpino
wrote:
>> Hi all,
>>
>> I need a code review of the PEM API. Privacy-Enhanced Mail (PEM) is a
>> format for encoding and decoding cryptographic keys and certificates. It
>> will be integrated into JDK24 as a Preview Feature. Preview featur
On Thu, 12 Dec 2024 19:59:05 GMT, Anthony Scarpino
wrote:
>> Hi all,
>>
>> I need a code review of the PEM API. Privacy-Enhanced Mail (PEM) is a
>> format for encoding and decoding cryptographic keys and certificates. It
>> will be integrated into JDK24 as a Preview Feature. Preview featur
he raw
extension bytes they will contain the extension ID, which may be
sufficient if CT 2.0 is ever implemented. (CT 2.0 uses the
transparency_info extension.)
On Sat, Mar 1, 2025 at 5:43 PM Jamil Nimeh
wrote:
Hello Ivan,
You bring up an interesting idea, and it comes at a good time
Hello Ivan,
You bring up an interesting idea, and it comes at a good time because
we've been going back and taking another look at CT and SunJSSE. What
you are suggesting would be a useful addition, and could also be a step
towards a full implementation. I have created
https://bugs.openjdk.
On Sat, 22 Feb 2025 02:25:42 GMT, Bradford Wetmore wrote:
> Typo: s/ficticious/fictitious/
>
> No unit test. Check that javadoc still builds.
Marked as reviewed by jnimeh (Reviewer).
-
PR Review: https://git.openjdk.org/jdk/pull/23733#pullrequestreview-2634674252
On Fri, 21 Feb 2025 10:31:34 GMT, Fernando Guallini
wrote:
> The test javax/crypto/CryptoPermissions/InconsistentEntries.java uses
> CDSTestUtils.clone to copy the JDK into the scratch dir by creating symbolic
> links, but this was seen to crash the VM in Windows Server 2025. To ensure
> test
On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works bet
fferent message digest in the signature).
Jamil Nimeh has updated the pull request with a new target base due to a merge
or a rebase. The incremental webrev excludes the unrelated changes brought in
by the merge/rebase. The pull request contains five additional commits since
the last revision:
- Ad
On Mon, 20 Jan 2025 16:20:27 GMT, Fernando Guallini
wrote:
> The test javax/crypto/CryptoPermissions/InconsistentEntries.java should not
> modify the JDK home directory under test as that could impact the results of
> other tests, or it could fail if the JDK home dir is read-only.
>
> This PR
On Mon, 17 Feb 2025 18:52:17 GMT, Fernando Guallini
wrote:
>> The test javax/crypto/CryptoPermissions/InconsistentEntries.java should not
>> modify the JDK home directory under test as that could impact the results of
>> other tests, or it could fail if the JDK home dir is read-only.
>>
>> Th
fferent message digest in the signature).
Jamil Nimeh has updated the pull request incrementally with one additional
commit since the last revision:
Remove unnecessary throws declarations
-
Changes:
- all: https://git.openjdk.org/jdk/pull/23566/files
- new: https://git.openjdk.org/
fferent message digest in the signature).
Jamil Nimeh has updated the pull request incrementally with one additional
commit since the last revision:
Fix JBS ID and summary in test
-
Changes:
- all: https://git.openjdk.org/jdk/pull/23566/files
- new: https://git.openjdk.org/jdk/pull/2
On Thu, 13 Feb 2025 19:34:04 GMT, Sean Mullan wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Fix JBS ID and summary in test
>
> test/lib/jdk/test/lib/security/CertificateBu
On Thu, 13 Feb 2025 19:52:32 GMT, Sean Mullan wrote:
> Also, should it be moved to somewhere else like
> jdk/test/sun/security/provider/certpath?
Hmmm...not sure about that, but maybe an explanation is in order: Because the
JDK only implements the client side with OCSP, we rely on CertPathVali
On Thu, 13 Feb 2025 18:58:00 GMT, Sean Mullan wrote:
>> This fix makes some minor changes to the internals of the
>> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
>> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
>> works better now with
On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works bet
On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works bet
This fix makes some minor changes to the internals of the `CertificateBuilder`
and `SimpleOCSPServer` test classes. They would break when ML-DSA was selected
as key and signing algorithms. Also RSASSA-PSS works better now with these
changes. I've also taken this opportunity to do some cleanup
On Sat, 8 Feb 2025 16:23:59 GMT, Jamil Nimeh wrote:
> This takes a few test classes and moves them away from their current location
> in `test/jdk/java/security/testlibrary` to `test/lib/jdk/test/lib/security`,
> grouping them together with many other existing test utility classes. I
point at the new locations for
> these classes, as needed.
Jamil Nimeh has updated the pull request incrementally with one additional
commit since the last revision:
Remove unneeded testlibrary references and minor cleanup
-
Changes:
- all: https://git.openjdk.org/jdk/p
This takes a few test classes and moves them away from their current location
in `test/jdk/java/security/testlibrary` to `test/lib/jdk/test/lib/security`,
grouping them together with many other existing test utility classes. It also
changes the dependent security tests to point at the new locat
On Thu, 6 Feb 2025 19:31:24 GMT, Bradford Wetmore wrote:
>> Update and clarify the sample code.
>>
>> Docs only, no additional testing other than verifying javadoc is correctly
>> output.
>
> Bradford Wetmore has updated the pull request incrementally with one
> additional commit since the las
On Fri, 31 Jan 2025 16:48:09 GMT, Jamil Nimeh wrote:
> This enhancement makes a change to the ChaCha20 block function intrinsic on
> aarch64, moving away from the block parallel implementation and to the
> quarter-round parallel implementation that was done on x86_64. Assembly
&
ghput. When put
> together as an intrinsic and hooked into the JCE ChaCha20 cipher, the gains
> are more modest, somewhere in the 2-4% range depending on job size, but still
> an improvement.
Jamil Nimeh has updated the pull request incrementally with one additional
commit since the
On Mon, 3 Feb 2025 10:56:28 GMT, Andrew Haley wrote:
>> This enhancement makes a change to the ChaCha20 block function intrinsic on
>> aarch64, moving away from the block parallel implementation and to the
>> quarter-round parallel implementation that was done on x86_64. Assembly
>> language
On Fri, 31 Jan 2025 16:48:09 GMT, Jamil Nimeh wrote:
> This enhancement makes a change to the ChaCha20 block function intrinsic on
> aarch64, moving away from the block parallel implementation and to the
> quarter-round parallel implementation that was done on x86_64. Assembly
&
This enhancement makes a change to the ChaCha20 block function intrinsic on
aarch64, moving away from the block parallel implementation and to the
quarter-round parallel implementation that was done on x86_64. Assembly
language profiling yielded an 11% improvement in throughput. When put toget
On Tue, 14 Jan 2025 22:41:47 GMT, Jamil Nimeh wrote:
> This makes a small change to the default value of the
> `com.sun.security.ocsp.readtimeout` System property. When not explicitly
> specified, it will be set to the value of the `com.sun.security.ocsp.timeout`
> System pro
CSR: https://bugs.openjdk.org/browse/JDK-8347749
> Original fix: https://bugs.openjdk.org/browse/JDK-8179502 (for reference)
Jamil Nimeh has updated the pull request with a new target base due to a merge
or a rebase. The incremental webrev excludes the unrelated changes brought in
by the merg
On Sat, 18 Jan 2025 00:14:58 GMT, Mark Powers wrote:
> [JDK-8267068](https://bugs.openjdk.org/browse/JDK-8267068)
Looks good to me.
-
Marked as reviewed by jnimeh (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/23188#pullrequestreview-2563531119
This makes a small change to the default value of the
`com.sun.security.ocsp.readtimeout` System property. When not explicitly
specified, it will be set to the value of the `com.sun.security.ocsp.timeout`
System property, which helps ease the transition from older JDK versions where
this prope
On Thu, 9 Jan 2025 14:31:53 GMT, Sean Mullan wrote:
>> Periodically, we review the security algorithm requirements to see if new
>> algorithms should be added or existing ones should be removed. The
>> requirements are intended to improve interoperability across different SE
>> implementations
On Thu, 2 Jan 2025 14:41:48 GMT, Sean Mullan wrote:
> Periodically, we review the security algorithm requirements to see if new
> algorithms should be added or existing ones should be removed. The
> requirements are intended to improve interoperability across different SE
> implementations by
On Mon, 23 Dec 2024 18:52:58 GMT, Bradford Wetmore wrote:
>> SunJSSE has many of the IANA TLS handshake message types defined, but some
>> are reserved and could be added for debugging output.
>>
>> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
>>
>> Testing coverage: J
On Mon, 23 Dec 2024 18:47:25 GMT, Bradford Wetmore wrote:
>> SunJSSE has many of the IANA TLS handshake message types defined, but some
>> are reserved and could be added for debugging output.
>>
>> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
>>
>> Testing coverage: J
On Tue, 10 Dec 2024 06:25:51 GMT, Bradford Wetmore wrote:
> SunJSSE has many of the IANA TLS handshake message types defined, but some
> are reserved and could be added for debugging output.
>
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
>
> Testing coverage: JDK com
On Wed, 4 Dec 2024 21:06:45 GMT, Weijun Wang wrote:
> Switch to `FINAL`.
Looks good to me.
-
Marked as reviewed by jnimeh (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/22562#pullrequestreview-2480229065
On Fri, 22 Nov 2024 17:31:37 GMT, Ben Perez wrote:
>> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
>> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
>> https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request with a
On Thu, 21 Nov 2024 22:24:37 GMT, Ben Perez wrote:
>> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
>> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
>> https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request increme
On Wed, 20 Nov 2024 20:27:48 GMT, Ben Perez wrote:
>> Java implementation of ML-KEM, the [FIPS
>> 203](https://csrc.nist.gov/pubs/fips/203/final) post-quantum KEM scheme.
>> Depends on https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request incrementally with one ad
On Thu, 14 Nov 2024 23:24:33 GMT, Ben Perez wrote:
>> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
>> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
>> https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request increme
On Thu, 21 Nov 2024 17:36:03 GMT, Sean Mullan wrote:
> Some additional text in two `javax.net.ssl` APIs related to access control
> context was missed as part of JEP 483. This behavior no longer applies now
> that the Security Manager is permanently disabled and has been removed.
>
> The imple
On Thu, 14 Nov 2024 23:24:33 GMT, Ben Perez wrote:
>> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
>> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
>> https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request increme
On Mon, 21 Oct 2024 19:52:36 GMT, Anthony Scarpino
wrote:
>> Hi all,
>>
>> I need a code review of the PEM API. Privacy-Enhanced Mail (PEM) is a
>> format for encoding and decoding cryptographic keys and certificates. It
>> will be integrated into JDK24 as a Preview Feature. Preview featur
On Fri, 4 Oct 2024 20:59:45 GMT, Ben Perez wrote:
> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
> https://github.com/openjdk/jdk/pull/21167
src/java.base/share/classes/sun/security/provider/ML_
On Fri, 27 Sep 2024 18:48:23 GMT, Jamil Nimeh wrote:
> This PR corrects a flaw in the StatusResponseManager where it was incorrectly
> swallowing the interrupt status when either an invokeAll was called (spawning
> the threads to fetch each OCSP response) or when attempting to grab
the fetches.
> Additionally, I made a small change that, in the unlikely event of a
> non-IOException being thrown, only that specific fetch is affected, but other
> successful fetches on different threads can complete and can be added to the
> resulting responseMap.
Jamil Nimeh has
On Wed, 2 Oct 2024 21:44:08 GMT, Valerie Peng wrote:
>> This PR corrects a flaw in the StatusResponseManager where it was
>> incorrectly swallowing the interrupt status when either an invokeAll was
>> called (spawning the threads to fetch each OCSP response) or when attempting
>> to grab the d
This PR corrects a flaw in the StatusResponseManager where it was incorrectly
swallowing the interrupt status when either an invokeAll was called (spawning
the threads to fetch each OCSP response) or when attempting to grab the data
from one of the Futures returned from the fetches.
Additionally
On Thu, 19 Sep 2024 21:33:11 GMT, Artur Barashev wrote:
>> https://bugs.openjdk.org/browse/JDK-8331682
>
> Artur Barashev has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Add assertions. Add the final server wrap
src/java.base/share/classes
On Thu, 15 Aug 2024 09:29:00 GMT, Fernando Guallini
wrote:
> In order to improve performance when instantiating NativePRNG, a dummy
> constructor was added in the PR: https://github.com/openjdk/jdk/pull/17560
> which takes and ignores a `java.security.SecureRandomParameters`, throwing an
> ex
On Mon, 5 Aug 2024 19:01:30 GMT, Jamil Nimeh wrote:
> This proposed enhancement adds logging to the OCSPTimeout test, which is
> intermittently failing and difficult to reproduce. The hope is that with
> extra logging enabled that additional clues as to the cause of these rare
&
//bugs.openjdk.org/browse/JDK-8337826
Jamil Nimeh has updated the pull request incrementally with one additional
commit since the last revision:
Removed JBS entry from test comment block
-
Changes:
- all: https://git.openjdk.org/jdk/pull/20471/files
- new: https://git.openjdk.
This proposed enhancement adds logging to the OCSPTimeout test, which is
intermittently failing and difficult to reproduce. The hope is that with extra
logging enabled that additional clues as to the cause of these rare failures
will become apparent.
JBS: https://bugs.openjdk.org/browse/JDK-83
On Wed, 29 May 2024 18:53:55 GMT, Anthony Scarpino
wrote:
> Hi
>
> This change is to improve TLS 1.3 session resumption by allowing a TLS server
> to send more than one resumption ticket per connection and clients to store
> more. Resumption is a quick way to use an existing TLS session to e
On Wed, 29 May 2024 18:53:55 GMT, Anthony Scarpino
wrote:
> Hi
>
> This change is to improve TLS 1.3 session resumption by allowing a TLS server
> to send more than one resumption ticket per connection and clients to store
> more. Resumption is a quick way to use an existing TLS session to e
On Fri, 10 May 2024 14:00:55 GMT, Weijun Wang wrote:
>> Add `Cipher::export` API.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> change new method to non final
That seems like a good approach. If Cipher can address all th
On Fri, 10 May 2024 14:00:55 GMT, Weijun Wang wrote:
>> Add `Cipher::export` API.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> change new method to non final
I see that it could work that way, but have we firmly establis
On Tue, 23 Apr 2024 20:42:51 GMT, Kevin Driver wrote:
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
src/java.base/share/classes/com/sun/c
On Wed, 31 Jan 2024 08:19:55 GMT, SendaoYan wrote:
> 8325024: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java incorrect
> comment information
Looks good, but please label the JBS bug with noreg-trivial.
-
Marked as reviewed by jnimeh (Reviewer).
PR Review: https://git.
On Wed, 31 Jan 2024 07:42:32 GMT, John Jiang wrote:
> If the server doesn't receive the client certificate for required client
> authentication, it should raise error `Empty client certificate chain`.
Looks good.
-
Marked as reviewed by jnimeh (Reviewer).
PR Review: https://git.o
On Thu, 18 Jan 2024 19:11:56 GMT, Anthony Scarpino
wrote:
> This is the straight backport to 22 of
> https://github.com/openjdk/jdk/pull/17362
LGTM
-
Marked as reviewed by jnimeh (Reviewer).
PR Review: https://git.openjdk.org/jdk22/pull/93#pullrequestreview-1830622552
On Thu, 11 Jan 2024 03:26:03 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review of a few simple test changes. This fixes a failure with two
> manually run AES/GCM tests that depended on another test that changed with
> [JDK-8318756](https://bugs.openjdk.org/browse/JDK-8318756). It also
On Tue, 12 Dec 2023 01:02:59 GMT, Jamil Nimeh wrote:
> This fix corrects an oversight in the ChaCha20 intrinsics delivered by
> JDK-8247645. An ifdef guard is now part of the x86 ChaCha20 intrinsics code
> which disables them by default on 32-bit platforms, as this architecture w
> This fix corrects an oversight in the ChaCha20 intrinsics delivered by
> JDK-8247645. An ifdef guard is now part of the x86 ChaCha20 intrinsics code
> which disables them by default on 32-bit platforms, as this architecture was
> not part of the feature delivery.
Jamil Nimeh has
On Tue, 12 Dec 2023 09:24:48 GMT, Aleksey Shipilev wrote:
>> src/hotspot/cpu/x86/vm_version_x86.cpp line 1152:
>>
>>> 1150: // No support currently for ChaCha20 intrinsics on 32-bit platforms
>>> 1151: if (UseChaCha20Intrinsics) {
>>> 1152: warning("Support for ChaCha20 intrinsics not
On Mon, 9 Oct 2023 20:44:50 GMT, Kevin Driver wrote:
>> fixes [JDK-8314199](https://bugs.openjdk.org/browse/JDK-8314199) by
>> initializing the HashSet with a more accurate number
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
On Mon, 9 Oct 2023 19:19:49 GMT, Kevin Driver wrote:
>> I wondered about an approach like this. I'll push another commit with these
>> changes.
>
> Do you think we'll lose performance in a meaningful way? One of the
> guarantees of HashSet is constant-time operations.
>
> There is no such gua
On Mon, 9 Oct 2023 16:36:06 GMT, Kevin Driver wrote:
> fixes [JDK-8314199](https://bugs.openjdk.org/browse/JDK-8314199) by
> initializing the HashSet with a more accurate number
src/java.base/share/classes/com/sun/crypto/provider/PBEKeyFactory.java line 59:
> 57:
> 58: static {
> 59:
On Fri, 11 Aug 2023 21:38:04 GMT, Daniel Jeliński wrote:
>> Please review this patch that ensures that all exceptions thrown by
>> SSLEngine delegated tasks are translated to alerts.
>>
>> All exceptions should already be translated to SSLExceptions and alerts by
>> the time we exit from conte
On Thu, 21 Sep 2023 13:29:10 GMT, Sean Mullan wrote:
>> Please review this change to ensure this test is tested on different TLS
>> protocols (1.0, 1.1, 1.2)
>>
>> I added a protocol parameter to the test arguments so that different
>> protocols are tested. I also removed the boolean exportabl
On Thu, 21 Sep 2023 13:30:07 GMT, Sean Mullan wrote:
>> test/jdk/sun/security/ssl/DHKeyExchange/DHEKeySizing.java line 35:
>>
>>> 33: * @library /javax/net/ssl/templates
>>> 34: * @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false
>>> 35: * DHEKeySizing TLS_DHE_RSA_WIT
On Wed, 20 Sep 2023 19:51:28 GMT, Sean Mullan wrote:
> Please review this change to ensure this test is tested on different TLS
> protocols (1.0, 1.1, 1.2)
>
> I added a protocol parameter to the test arguments so that different
> protocols are tested. I also removed the boolean exportable arg
On Wed, 6 Sep 2023 20:02:10 GMT, Hai-May Chao wrote:
>> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank
>> you.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Set to default if a negative valu
On Thu, 31 Aug 2023 02:34:58 GMT, John Jiang wrote:
> The method `SSLSocketImpl::closeSocket` has the below code snippet,
>
>
> if (appInput.readLock.tryLock()) {
> int soTimeout = getSoTimeout();
> try {
> // deplete could hang on the skip operation
> // in case of infi
On Thu, 3 Aug 2023 20:51:33 GMT, Valerie Peng wrote:
> This change addresses the scenario where a certificate is first stored as
> part of a certificate chain and then stored again as a certificate
> corresponding to a PrivateKey entry. Newer version of NSS errors out with
> CKR_GENERAL_ERROR
On Fri, 4 Aug 2023 17:30:06 GMT, Hai-May Chao wrote:
> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank
> you.
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 159:
> 157: maxServerCertificateChainLength = (serverLen != null) ?
> 158:
On Mon, 31 Jul 2023 19:09:53 GMT, Xue-Lei Andrew Fan wrote:
>> Hi,
>>
>> May I have the code cleanup update reviewed? With this update, the unused
>> code in StatusResponseManager.java will be removed.
>>
>> Thanks,
>> Xuelei
>
> Xue-Lei Andrew Fan has updated the pull request incrementally w
On Wed, 2 Aug 2023 00:45:36 GMT, Xue-Lei Andrew Fan wrote:
>> I think @jnimeh should review this, as I think these methods were added when
>> implementing OCSP Stapling, and it would be good for him to make sure they
>> are no longer needed..
>
>> I think @jnimeh should review this, as I think
On Thu, 27 Jul 2023 04:00:21 GMT, John Jiang wrote:
> if ((nextByte == DerValue.tag_SequenceOf)
> && (! ((nextByte & 0x0c0) == 0x080))) {
> ...
> ...
> }
>
> If `nextByte` is `DerValue.tag_SequenceOf`, exactly `0x30`, then the test
> after `&&` should always be true.
The change
On Mon, 17 Jul 2023 17:45:56 GMT, Matthew Donovan wrote:
> In this PR, i raised the client timeout from 5 to 60 seconds. I considered
> refactoring the SimpleOSCPServer class a little but ultimately, the client
> needs to just wait until the server is ready or a time-out is reached.
> Alternat
On Thu, 13 Jul 2023 17:36:47 GMT, Matthew Donovan wrote:
>> test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java line 51:
>>
>>> 49: private static final String DTLSV_1_2 = "DTLSv1.2";
>>> 50:
>>> 51: private static final int READ_TIMEOUT_SECS =
>>> Integer.getInteger("readtimeout", 3
On Mon, 26 Jun 2023 17:38:04 GMT, Matthew Donovan wrote:
> In this PR, I updated the test to use read time-outs. The test is restarted
> if the read operations time-out within (default) 30 seconds. The test makes 5
> attempts before giving up.
Aside from the nit, looks good to me.
test/jdk/ja
On Fri, 23 Jun 2023 14:55:45 GMT, Jamil Nimeh wrote:
> This is a backport of the test fixes comprising JDK-8309740.
This pull request has now been integrated.
Changeset: 17b6f7b9
Author: Jamil Nimeh
URL:
https://git.openjdk.org/jdk21/commit/17b6f7b9a5a14a869d3f1efd0ab51fea4fa40
On Fri, 23 Jun 2023 15:20:24 GMT, Ben Perez wrote:
>> Added single-argument `putTime` method to `DerOutputStream` that selects the
>> correct encoding based on the `Date` value. Similarly, a `getTime` method
>> was added to `DerValue` to automatically call the correct decoding function
>> base
This is a backport of the test fixes comprising JDK-8309740.
-
Commit messages:
- Backport 5ca4cdd2caceba9dad8025e5a8851740a3961921
Changes: https://git.openjdk.org/jdk21/pull/58/files
Webrev: https://webrevs.openjdk.org/?repo=jdk21&pr=58&range=00
Issue: https://bugs.openjdk.org/
On Fri, 16 Jun 2023 18:42:32 GMT, Xue-Lei Andrew Fan wrote:
>> This PR is for tests that were modified/added in JDK-8179502. The timeout
>> windows for those tests were a little too short on some test systems,
>> especially when the system is under heavy load. After a few iterations
>> tryin
On Fri, 16 Jun 2023 18:19:45 GMT, Jamil Nimeh wrote:
> This PR is for tests that were modified/added in JDK-8179502. The timeout
> windows for those tests were a little too short on some test systems,
> especially when the system is under heavy load. After a few iterations
>
On Thu, 22 Jun 2023 23:22:14 GMT, Ben Perez wrote:
>> Added single-argument `putTime` method to `DerOutputStream` that selects the
>> correct encoding based on the `Date` value. Similarly, a `getTime` method
>> was added to `DerValue` to automatically call the correct decoding function
>> base
On Thu, 22 Jun 2023 19:50:10 GMT, Jamil Nimeh wrote:
>> Ben Perez has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Replaced depreciated ctor in putTime. Added getTime method to
>> DerInputStream
On Thu, 22 Jun 2023 21:21:14 GMT, Ben Perez wrote:
>> Added single-argument `putTime` method to `DerOutputStream` that selects the
>> correct encoding based on the `Date` value. Similarly, a `getTime` method
>> was added to `DerValue` to automatically call the correct decoding function
>> base
1 - 100 of 189 matches
Mail list logo
