Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v7]

2022-09-07 Thread Mark Powers
> https://bugs.openjdk.org/browse/JDK-8291509 Mark Powers has updated the pull request incrementally with one additional commit since the last revision: comments from Max and Sean - Changes: - all: https://git.openjdk.org/jdk/pull/9972/files - new: https://git.openjdk.org/jdk

Re: RFR: 8293232: Fix race condition in pkcs11 SessionManager [v2]

2022-09-07 Thread Valerie Peng
On Wed, 7 Sep 2022 00:18:00 GMT, zzambers wrote: >> There is a race condition in JDK's SessionManager, which can lead to random >> exceptions. >> >> **Exception:** >> >> javax.net.ssl.SSLException: Internal error: close session with active objects >> at java.base/sun.security.ssl.Alert.cr

Re: RFR: 8293232: Fix race condition in pkcs11 SessionManager

2022-09-07 Thread Valerie Peng
On Tue, 6 Sep 2022 22:50:47 GMT, zzambers wrote: >> Thanks for the suggested fix. I share your opinion about the potential race >> condition regarding demoting object session. Will take a look. > > @valeriepeng, Thank you for your review > @zzambers Your change (at version > [713f617](https://

RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint

2022-09-07 Thread Weijun Wang
Provide a new test for an old bug fix. - Commit messages: - new test Changes: https://git.openjdk.org/jdk/pull/10203/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=10203&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8293489 Stats: 80 lines in 1 file changed: 80 in

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v2]

2022-09-07 Thread Valerie Peng
On Wed, 7 Sep 2022 01:49:25 GMT, Weijun Wang wrote: >> Well, it depends on how you interpret an empty filter map. If an empty table >> is specified, I'd think it means no criteria is set and all providers can be >> returned as the comment above suggested. >> As this is a corner case, I am ok wi

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v2]

2022-09-07 Thread Weijun Wang
On Wed, 7 Sep 2022 17:01:32 GMT, Valerie Peng wrote: >> The spec for this method: >> >> * @return all the installed providers that satisfy the selection >> * criteria, or {@code null} if no such providers have been installed. >> >> My understanding is that you should not return an emp

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v2]

2022-09-07 Thread Valerie Peng
On Wed, 7 Sep 2022 17:23:58 GMT, Weijun Wang wrote: >> I see that null is returned instead of an empty Provider array. When an >> empty filter map is specified, I interpret it as no criteria is set and thus >> it should return all providers (which is often non-empty). The condition on >> line

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v2]

2022-09-07 Thread Weijun Wang
On Wed, 7 Sep 2022 17:43:52 GMT, Valerie Peng wrote: >> Maybe. But, while all providers is usually non-empty, it could be if a user >> remove all of them. I understand this is a just corner case. > > So, is it about empty all Providers or empty filter map? I only added the > check on latter. Ar

Re: RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint

2022-09-07 Thread Sean Mullan
On Wed, 7 Sep 2022 16:49:50 GMT, Weijun Wang wrote: > Provide a new test for an old bug fix. test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java line 48: > 46: > 47: public static void main(String[] args) throws Exception { > 48: Security.setProperty("jdk.certpat

Re: RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint

2022-09-07 Thread Weijun Wang
On Wed, 7 Sep 2022 18:42:12 GMT, Sean Mullan wrote: >> Provide a new test for an old bug fix. > > test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java line > 48: > >> 46: >> 47: public static void main(String[] args) throws Exception { >> 48: Security.setProperty(

Re: RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint

2022-09-07 Thread Weijun Wang
On Wed, 7 Sep 2022 18:56:42 GMT, Sean Mullan wrote: >> Provide a new test for an old bug fix. > > test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java line > 72: > >> 70: System.out.println("Calling trustmanager..."); >> 71: >> 72: tm.checkServerTrusted(chain,

Re: RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint [v2]

2022-09-07 Thread Weijun Wang
> Provide a new test for an old bug fix. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: use RSA key, no need to clear disabled alg - Changes: - all: https://git.openjdk.org/jdk/pull/10203/files - new: https://git.ope

Integrated: 8293232: Fix race condition in pkcs11 SessionManager

2022-09-07 Thread zzambers
On Thu, 1 Sep 2022 17:28:40 GMT, zzambers wrote: > There is a race condition in JDK's SessionManager, which can lead to random > exceptions. > > **Exception:** > > javax.net.ssl.SSLException: Internal error: close session with active objects > at java.base/sun.security.ssl.Alert.createSS

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v2]

2022-09-07 Thread Valerie Peng
On Wed, 7 Sep 2022 18:42:05 GMT, Weijun Wang wrote: >> So, is it about empty all Providers or empty filter map? I only added the >> check on latter. Are you suggesting to add a check for the former? > > Maybe the former. I just don't want this method to return an empty array, > whatever the rea

Re: RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint [v2]

2022-09-07 Thread Sean Mullan
On Wed, 7 Sep 2022 20:06:01 GMT, Weijun Wang wrote: >> Provide a new test for an old bug fix. > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > use RSA key, no need to clear disabled alg Marked as reviewed by mullan (Reviewer

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v6]

2022-09-07 Thread Valerie Peng
> Existing provider filtering code only handles two standard attribute > "KeySize" and "ImplementedIn", the rest are compared by exact match. Over > time, more standard attributes are added which contain multiple values > separated by "|". We should enhance the provider filtering code to better

Re: RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint [v3]

2022-09-07 Thread Weijun Wang
> Provide a new test for an old bug fix. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: remove comment - Changes: - all: https://git.openjdk.org/jdk/pull/10203/files - new: https://git.openjdk.org/jdk/pull/10203/file

Re: RFR: 8293489: Accept CAs with BasicConstraints without pathLenConstraint [v2]

2022-09-07 Thread Weijun Wang
On Wed, 7 Sep 2022 21:08:11 GMT, Sean Mullan wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> use RSA key, no need to clear disabled alg > > test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java line

Integrated: 8293489: Accept CAs with BasicConstraints without pathLenConstraint

2022-09-07 Thread Weijun Wang
On Wed, 7 Sep 2022 16:49:50 GMT, Weijun Wang wrote: > Provide a new test for an old bug fix. This pull request has now been integrated. Changeset: 986b8341 Author:Weijun Wang URL: https://git.openjdk.org/jdk/commit/986b834148f425aa21611814d162a8578b26b502 Stats: 73 lines in 1 fi