On Tue, 19 Mar 2024 07:13:19 GMT, Prasadrao Koppula
wrote:
> JDK server does not send a dummy change_cipher_spec record after
> HelloRetryRequest message.
>
> According to RFC 8446 (Middlebox Compatibility Mode), if the client sends a
> non-empty session ID in the ClientHello message, the ser
On Thu, 21 Mar 2024 20:17:29 GMT, Sean Mullan wrote:
> Thanks for doing this - I think it is a fine idea to have a fallback option
> to use POST. It does need a CSR though since you are introducing a new system
> property.
All right, good! How do you feel about the option name? Would like to a
On Thu, 21 Mar 2024 17:23:44 GMT, Martin Balao wrote:
>> Hi,
>>
>> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY
>> keys from the NSS Software Token". See more details in the JBS ticket [1].
>>
>> No regressions observed in jdk/sun/security/pkcs11.
>>
>> Thanks,
On Thu, 21 Mar 2024 20:38:22 GMT, Weijun Wang wrote:
>> Sean Coffey has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains 12 additional
>> commits sin
On Fri, 22 Mar 2024 09:36:35 GMT, Sean Coffey wrote:
>> src/java.base/share/classes/sun/security/util/Debug.java line 191:
>>
>>> 189: if (printDateTime && !dateTimeFormatInitialized) {
>>> 190: // trigger loading of Locale service impl now to avoid
>>> 191: // po
On Fri, 22 Mar 2024 12:18:49 GMT, Sean Coffey wrote:
>> It's still necessary I'm afraid. During an early classloader operation, the
>> Security class can be triggered which causes security properties to be read.
>> If debugging is enabled, this triggers loading of CLDR service. Quite a long
>>
On Fri, 22 Mar 2024 13:29:06 GMT, Weijun Wang wrote:
>> Turns out that it's the
>> `java.time.format.DateTimeFormatterBuilder.ZoneTextPrinterParser#format`
>> call that triggers the early initialization of the CLDR service (via a
>> `getDisplayName` call)
>>
>> We can avoid this call if we pr
On Fri, 22 Mar 2024 07:52:08 GMT, Aleksey Shipilev wrote:
> > Thanks for doing this - I think it is a fine idea to have a fallback option
> > to use POST. It does need a CSR though since you are introducing a new
> > system property.
>
> All right, good! How do you feel about the option name?
> See the rationale/discussion in the bug. This patch introduces the option
> that allows to restore
> pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The
> default behavior does not change. Better suggestions for flag name are
> welcome.
>
> Additional testing:
> - [
On Fri, 22 Mar 2024 14:04:34 GMT, Aleksey Shipilev wrote:
>> See the rationale/discussion in the bug. This patch introduces the option
>> that allows to restore
>> pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The
>> default behavior does not change. Better suggestio
> See the rationale/discussion in the bug. This patch introduces the option
> that allows to restore
> pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The
> default behavior does not change. Better suggestions for flag name are
> welcome.
>
> Additional testing:
> - [
On Wed, 20 Mar 2024 03:39:58 GMT, Martin Balao wrote:
> Hi,
>
> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY
> keys from the NSS Software Token". See more details in the JBS ticket [1].
>
> No regressions observed in jdk/sun/security/pkcs11.
>
> Thanks,
> Martin
> Proposal to improve the `java.security.debug` output so that options exist to
> add thread ID, thread name, source of log record and a timestamp information
> to the output.
>
> examples:
> format without patch :
>
>
> properties: Initial security property:
> package.definition=sun.misc.,su
On Fri, 22 Mar 2024 16:27:38 GMT, Sean Coffey wrote:
>> Proposal to improve the `java.security.debug` output so that options exist
>> to add thread ID, thread name, source of log record and a timestamp
>> information to the output.
>>
>> examples:
>> format without patch :
>>
>>
>> propertie
Fix updates these tests to use OCSP or CRL revocation check with failover
enabled. Intermediate root CA "WE3" doesn't specify OCSP responder in AIA
extension. Check https://good.gsr4.demo.pki.goog/ for example.
-
Commit messages:
- Googles CAInterop test failures
Changes: https://
On Thu, 14 Mar 2024 15:53:23 GMT, Weijun Wang wrote:
>> This fixes the defect described at
>> https://bugs.openjdk.org/browse/JDK-8313367
>>
>> If the process does not have write permissions, the store is opened as
>> read-only (instead of failing).
>>
>> Please note that permissions to use a
On Fri, 22 Mar 2024 18:43:11 GMT, MustavData wrote:
>> I also noticed a different problem. No matter if privileged or unprivileged,
>> `keytool -genkeypair -storetype Windows-My-LOCALMACHINE` works successfully
>> but the entries are actually created in Windows-MY-CURRENTUSER. This is
>> unrel
On Wed, 20 Mar 2024 19:45:32 GMT, Weijun Wang wrote:
>> rebarbora-mckvak has updated the pull request with a new target base due to
>> a merge or a rebase. The pull request now contains two commits:
>>
>> - 8313367: signHash finds a key in the local machine store
>> - 8313367: Local Computer
> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>
> If the process does not have write permissions, the store is opened as
> read-only (instead of failing).
>
> Please note that permissions to use a certificate in a local machine store
> must be granted - in a m
On Fri, 22 Mar 2024 22:25:47 GMT, rebarbora-mckvak wrote:
>> This fixes the defect described at
>> https://bugs.openjdk.org/browse/JDK-8313367
>>
>> If the process does not have write permissions, the store is opened as
>> read-only (instead of failing).
>>
>> Please note that permissions to
On Thu, 21 Mar 2024 09:23:43 GMT, Prajwal Kumaraswamy
wrote:
> This fix intends to eliminate additional library call to C_EncryptInit or
> C_DecryptInit for Ciphers running through the CKM_AES_GCM.
>
> Background:
>
> There are two types of CK_GCM_PARAMS struct that are used, one with IV bit
On Fri, 22 Mar 2024 22:25:47 GMT, rebarbora-mckvak wrote:
>> This fixes the defect described at
>> https://bugs.openjdk.org/browse/JDK-8313367
>>
>> If the process does not have write permissions, the store is opened as
>> read-only (instead of failing).
>>
>> Please note that permissions to
22 matches
Mail list logo