8325024: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java incorrect
comment information
-
Commit messages:
- 8325024: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java
incorrect comment information
Changes: https://git.openjdk.org/jdk/pull/17646/files
Webrev: h
> Please review this patch that fixes a memory leak in P11TlsPrfGenerator,
> which is triggered during TLS1.2 Finished message generation and verification.
>
> The patch changes C_SignInit JNI method to free the mechanism data
> immediately after use. This matches the behavior of other Init meth
On Fri, 26 Jan 2024 10:04:11 GMT, Daniel Jeliński wrote:
> Please review this patch that fixes a memory leak in P11TlsPrfGenerator,
> which is triggered during TLS1.2 Finished message generation and verification.
>
> The patch changes C_SignInit JNI method to free the mechanism data
> immediat
On Thu, 25 Jan 2024 22:01:48 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin h
On Thu, 25 Jan 2024 22:01:48 GMT, Alexey Bakhtin wrote:
>> Please review the proposed fix.
>>
>> The patch loads system root certificates from the MacOS Keychain with
>> TrustSettings.
>> It allows to build a trusted certificate path using the MacOS Keychain store
>> only.
>
> Alexey Bakhtin h
On Wed, 31 Jan 2024 07:42:32 GMT, John Jiang wrote:
> If the server doesn't receive the client certificate for required client
> authentication, it should raise error `Empty client certificate chain`.
Looks good.
-
Marked as reviewed by jnimeh (Reviewer).
PR Review: https://git.o
On Wed, 31 Jan 2024 07:42:32 GMT, John Jiang wrote:
> If the server doesn't receive the client certificate for required client
> authentication, it should raise error `Empty client certificate chain`.
Marked as reviewed by hchao (Committer).
LGTM
-
PR Review: https://git.openjdk.
On Wed, 24 Jan 2024 15:42:05 GMT, Oli Gillespie wrote:
> A typical call to `new SecureRandom()` is slowed down by looking for a
> constructor in NativePRNG which takes `java.security.SecureRandomParameters`.
> NativePRNG does not have such a constructor, so the search fails
> [here](https://gi
On Wed, 24 Jan 2024 18:05:50 GMT, Oli Gillespie wrote:
>> Avoid expensive `Class.forName` call when constructing Providers such as
>> `SecureRandom` which take constructor parameters. This can easily be cached
>> in EngineDescription (this cache already existed before, it was removed in
>> [JD
On Wed, 31 Jan 2024 07:42:32 GMT, John Jiang wrote:
> If the server doesn't receive the client certificate for required client
> authentication, it should raise error `Empty client certificate chain`.
Looks good, but could you also fix the messages on line 406 and 1227?
-
Marked a
On Wed, 31 Jan 2024 17:23:42 GMT, Weijun Wang wrote:
> How about just using class literals? There is no need to call
> `Class.forName`, at least not now since they are all inside `java.base`.
Thanks :). That seems sensible if writing from scratch, but that part I'm just
reviving from [JDK-8280
On Wed, 24 Jan 2024 18:05:50 GMT, Oli Gillespie wrote:
>> Avoid expensive `Class.forName` call when constructing Providers such as
>> `SecureRandom` which take constructor parameters. This can easily be cached
>> in EngineDescription (this cache already existed before, it was removed in
>> [JD
On Wed, 24 Jan 2024 15:42:05 GMT, Oli Gillespie wrote:
> A typical call to `new SecureRandom()` is slowed down by looking for a
> constructor in NativePRNG which takes `java.security.SecureRandomParameters`.
> NativePRNG does not have such a constructor, so the search fails
> [here](https://gi
On Wed, 31 Jan 2024 08:19:55 GMT, SendaoYan wrote:
> 8325024: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java incorrect
> comment information
Looks good, but please label the JBS bug with noreg-trivial.
-
Marked as reviewed by jnimeh (Reviewer).
PR Review: https://git.
On Wed, 24 Jan 2024 18:05:50 GMT, Oli Gillespie wrote:
>> Avoid expensive `Class.forName` call when constructing Providers such as
>> `SecureRandom` which take constructor parameters. This can easily be cached
>> in EngineDescription (this cache already existed before, it was removed in
>> [JD
On Wed, 24 Jan 2024 18:05:50 GMT, Oli Gillespie wrote:
>> Avoid expensive `Class.forName` call when constructing Providers such as
>> `SecureRandom` which take constructor parameters. This can easily be cached
>> in EngineDescription (this cache already existed before, it was removed in
>> [JD
> Refactored PKCS9Attribute to use a hash map instead of multiple arrays. The
> key for the hash map is an `ObjectIdentifier` and the values are a record
> `AttributeInfo` that stores the information previously contained in the
> arrays `PKCS9_VALUE_TAGS`, `VALUE_CLASSES`, and `SINGLE_VALUED`.
> Refactored PKCS9Attribute to use a hash map instead of multiple arrays. The
> key for the hash map is an `ObjectIdentifier` and the values are a record
> `AttributeInfo` that stores the information previously contained in the
> arrays `PKCS9_VALUE_TAGS`, `VALUE_CLASSES`, and `SINGLE_VALUED`.
On Wed, 31 Jan 2024 18:18:30 GMT, Ben Perez wrote:
>> Refactored PKCS9Attribute to use a hash map instead of multiple arrays. The
>> key for the hash map is an `ObjectIdentifier` and the values are a record
>> `AttributeInfo` that stores the information previously contained in the
>> arrays `P
On Wed, 24 Jan 2024 18:05:50 GMT, Oli Gillespie wrote:
>> Avoid expensive `Class.forName` call when constructing Providers such as
>> `SecureRandom` which take constructor parameters. This can easily be cached
>> in EngineDescription (this cache already existed before, it was removed in
>> [JD
> If the server doesn't receive the client certificate for required client
> authentication, it should raise error `Empty client certificate chain`.
John Jiang has updated the pull request incrementally with one additional
commit since the last revision:
fix more error messages
-
On Wed, 31 Jan 2024 20:07:28 GMT, John Jiang wrote:
>> If the server doesn't receive the client certificate for required client
>> authentication, it should raise error `Empty client certificate chain`.
>
> John Jiang has updated the pull request incrementally with one additional
> commit since
On Wed, 31 Jan 2024 20:07:28 GMT, John Jiang wrote:
>> If the server doesn't receive the client certificate for required client
>> authentication, it should raise error `Empty client certificate chain`.
>
> John Jiang has updated the pull request incrementally with one additional
> commit since
> Refactored PKCS9Attribute to use a hash map instead of multiple arrays. The
> key for the hash map is an `ObjectIdentifier` and the values are a record
> `AttributeInfo` that stores the information previously contained in the
> arrays `PKCS9_VALUE_TAGS`, `VALUE_CLASSES`, and `SINGLE_VALUED`.
> Please review the proposed fix.
>
> The patch loads system root certificates from the MacOS Keychain with
> TrustSettings.
> It allows to build a trusted certificate path using the MacOS Keychain store
> only.
Alexey Bakhtin has updated the pull request incrementally with one additional
comm
On Wed, 31 Jan 2024 15:33:28 GMT, Weijun Wang wrote:
> Do you intend to call `addIdentitiesToKeystore` for both store types?
Yes, you are right. Thank you. We do not need private identities in the root
keystore. Updated
-
PR Comment: https://git.openjdk.org/jdk/pull/16722#issuecom
On Wed, 31 Jan 2024 15:08:09 GMT, Weijun Wang wrote:
> Great! The change looks good. Can you manage to add a test? Maybe try to load
> both store types. Make sure they have different contents and not empty (?).
Thank you. I have updated `java/security/KeyStore/CheckMacOSKeyChainTrust.java`
tes
On Wed, 31 Jan 2024 10:23:22 GMT, Daniel Jeliński wrote:
>> Please review this patch that fixes a memory leak in P11TlsPrfGenerator,
>> which is triggered during TLS1.2 Finished message generation and
>> verification.
>>
>> The patch changes C_SignInit JNI method to free the mechanism data
>>
On Wed, 31 Jan 2024 17:48:19 GMT, Jamil Nimeh wrote:
> Looks good, but please label the JBS bug with noreg-trivial.
Done
-
PR Comment: https://git.openjdk.org/jdk/pull/17646#issuecomment-1920357757
On Wed, 31 Jan 2024 20:43:31 GMT, Bernd wrote:
>> John Jiang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> fix more error messages
>
> src/java.base/share/classes/sun/security/ssl/CertificateMessage.java line 389:
>
>> 387:
On Wed, 31 Jan 2024 07:42:32 GMT, John Jiang wrote:
> If the server doesn't receive the client certificate for required client
> authentication, it should raise error `Empty client certificate chain`.
This pull request has now been integrated.
Changeset: fe78c0f1
Author:John Jiang
URL:
On Wed, 31 Jan 2024 08:19:55 GMT, SendaoYan wrote:
> 8325024: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java incorrect
> comment information
Marked as reviewed by fyang (Reviewer).
Looks good and trivial.
-
PR Review: https://git.openjdk.org/jdk/pull/17646#pullrequest
On Wed, 31 Jan 2024 08:19:55 GMT, SendaoYan wrote:
> 8325024: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java incorrect
> comment information
This pull request has now been integrated.
Changeset: 432756b6
Author:SendaoYan
Committer: Fei Yang
URL:
https://git.openjdk.org
33 matches
Mail list logo
