On Fri, 5 Jul 2024 08:58:03 GMT, Prajwal Kumaraswamy
wrote:
> The client identity checks when "HTTPS" endpoint identification algorithm is
> set on SSL server throws "java.security.cert.CertificateException: No subject
> alternative names present" when client
On Sat, 6 Jul 2024 00:30:20 GMT, Bradford Wetmore wrote:
>> Prajwal Kumaraswamy has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> format code with minor changes
>
> src/java.base/share/classes/sun/security
er Engine and SSL Server Socket and
> attached are logs and snapshot for reference, also I have ran the changes
> against external test suite and test runs are green.
Prajwal Kumaraswamy has updated the pull request incrementally with one
additional commit since the last revision:
form
On Sat, 6 Jul 2024 00:37:51 GMT, Bradford Wetmore wrote:
>> The client identity checks when "HTTPS" endpoint identification algorithm is
>> set on SSL server throws "java.security.cert.CertificateException: No
>> subject alternative names present" when client certificate's SubjectAltName
>> ex
On Fri, 5 Jul 2024 08:58:03 GMT, Prajwal Kumaraswamy
wrote:
> The client identity checks when "HTTPS" endpoint identification algorithm is
> set on SSL server throws "java.security.cert.CertificateException: No subject
> alternative names present" when client
The client identity checks when "HTTPS" endpoint identification algorithm is
set on SSL server throws "java.security.cert.CertificateException: No subject
alternative names present" when client certificate's SubjectAltName extension
does not match its IP address
Since the server has no external
On Thu, 21 Mar 2024 09:23:43 GMT, Prajwal Kumaraswamy
wrote:
> This fix intends to eliminate additional library call to C_EncryptInit or
> C_DecryptInit for Ciphers running through the CKM_AES_GCM.
>
> Background:
>
> There are two types of CK_GCM_PARAMS struct that are
On Thu, 9 May 2024 20:59:25 GMT, Valerie Peng wrote:
> Please make sure the testing covers old and new NSS versions just to be safe.
> Thanks!
Done, I have attached test results of old and new NSS, However I have also
tested few other NSS between 3.46 and the latest one
[nsstest.zip](https://g
On Thu, 9 May 2024 19:40:31 GMT, Valerie Peng wrote:
>> Prajwal Kumaraswamy has updated the pull request with a new target base due
>> to a merge or a rebase. The incremental webrev excludes the unrelated
>> changes brought in by the merge/rebase. The pull request contains th
On Mon, 25 Mar 2024 10:02:18 GMT, Daniel JeliĆski wrote:
>> Prajwal Kumaraswamy has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> use getversion instead to get spec version
>
> src/jdk.crypto.cryptoki/sha
ip](https://github.com/openjdk/jdk/files/14692787/nss_logs.zip)
>
> Our existing tests like sun/security/pkcs11/Cipher/TestKATForGCM.java already
> tests the functionality and I have used the same for internal testing
Prajwal Kumaraswamy has updated the pull request incrementally with one
ip](https://github.com/openjdk/jdk/files/14692787/nss_logs.zip)
>
> Our existing tests like sun/security/pkcs11/Cipher/TestKATForGCM.java already
> tests the functionality and I have used the same for internal testing
Prajwal Kumaraswamy has updated the pull request with a new targe
ip](https://github.com/openjdk/jdk/files/14692787/nss_logs.zip)
>
> Our existing tests like sun/security/pkcs11/Cipher/TestKATForGCM.java already
> tests the functionality and I have used the same for internal testing
Prajwal Kumaraswamy has updated the pull request with a new targe
On Mon, 25 Mar 2024 21:05:07 GMT, Valerie Peng wrote:
> > > Now that we are going with the normative version first, maybe we should
> > > make additional changes to clean up the flow further?Say,
> > >
> > > 1. update `jGCMParamsToCKGCMParamPtr(JNIEnv *env, jobject jParam,
> > > CK_ULONG *pLen
On Fri, 22 Mar 2024 23:17:51 GMT, Valerie Peng wrote:
> Now that we are going with the normative version first, maybe we should make
> additional changes to clean up the flow further?Say,
>
> 1. update `jGCMParamsToCKGCMParamPtr(JNIEnv *env, jobject jParam, CK_ULONG
> *pLength)` to allocate th
This fix intends to eliminate additional library call to C_EncryptInit or
C_DecryptInit for Ciphers running through the CKM_AES_GCM.
Background:
There are two types of CK_GCM_PARAMS struct that are used, one with IV bits and
the other without it.
Initially there was issue in NSS library, due
Hi All,
Can anyone please review this MR https://github.com/openjdk/jdk/pull/17742
Thanks,
Prajwal
On Wed, 7 Feb 2024 06:36:10 GMT, Prajwal Kumaraswamy
wrote:
> During the time of server certificate validation, users have the flexibility
> to use a custom X509 Key Manager implementation by extending
> "X509ExtendedKeyManager.".
> In such cases, prin
On Thu, 8 Feb 2024 09:13:18 GMT, Prajwal Kumaraswamy
wrote:
>> I have changed the title to reflect the specific change made here.
>> I'll make changes in createServerPossession as well.
>
> I have made changes and attached the testing snapshots in a zip file attached
On Thu, 8 Feb 2024 09:11:14 GMT, Prajwal Kumaraswamy
wrote:
>> During the time of server certificate validation, users have the flexibility
>> to use a custom X509 Key Manager implementation by extending
>> "X509ExtendedKeyManager.".
>> In such
iles/14206695/x509_log_testing.zip)
>
> Also, the internal test runs against this fix are green
Prajwal Kumaraswamy has updated the pull request with a new target base due to
a merge or a rebase. The incremental webrev excludes the unrelated changes
brought in by the merge/rebase. The pull
On Thu, 8 Feb 2024 09:11:14 GMT, Prajwal Kumaraswamy
wrote:
>> During the time of server certificate validation, users have the flexibility
>> to use a custom X509 Key Manager implementation by extending
>> "X509ExtendedKeyManager.".
>> In such
On Wed, 7 Feb 2024 15:27:46 GMT, Prajwal Kumaraswamy
wrote:
>> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line
>> 205:
>>
>>> 203: X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
>>> 204: if (S
https://github.com/openjdk/jdk/files/14189852/x509_screen_shot_testing.zip)
>
> Also, the internal test runs against this fix are green
Prajwal Kumaraswamy has updated the pull request with a new target base due to
a merge or a rebase. The incremental webrev excludes the unrelated changes
brought in by the merge
On Wed, 7 Feb 2024 14:19:03 GMT, Sean Coffey wrote:
>> During the time of server certificate validation, users have the flexibility
>> to use a custom X509 Key Manager implementation by extending
>> "X509ExtendedKeyManager.".
>> In such cases, printing the class name in X509Authentication.java
On Wed, 7 Feb 2024 14:19:27 GMT, Sean Coffey wrote:
>> During the time of server certificate validation, users have the flexibility
>> to use a custom X509 Key Manager implementation by extending
>> "X509ExtendedKeyManager.".
>> In such cases, printing the class name in X509Authentication.java
During the time of server certificate validation, users have the flexibility to
use a custom X509 Key Manager implementation by extending
"X509ExtendedKeyManager.".
In such cases, printing the class name in X509Authentication.java will be
helpful to trace any failure of the SSL connection due to
27 matches
Mail list logo
