Hello
The topic of getting the certificate chain of a server comes up
repeatably, see for example [1]. While not difficult it's still quite a
bit of code to implement. The JDK also has need for this in keystool and
the code is implemented as a CertStoreSpi in
sun.security.provider.certpath.ssl.SS
On Sun, 2 Feb 2025 19:35:03 GMT, Shaojin Wen wrote:
> During JVM startup, the class KnownOIDs is loaded. KnownOIDs has 10 anonymous
> classes, which slows down the startup. This PR is to improve KnownOIDs and
> eliminate unnecessary embedded classes.
>
>
> Here's how to reproduce this:
>
>
On Mon, 7 Apr 2025 06:34:11 GMT, Jaikiran Pai wrote:
> Can I please get a review of this change which proposes to address the
> increase in memory footprint of an application that uses signed JAR files,
> signed with `SHA-384` digest algorithm? This addresses
> https://bugs.openjdk.org/browse/
On Mon, 7 Apr 2025 06:34:11 GMT, Jaikiran Pai wrote:
> Can I please get a review of this change which proposes to address the
> increase in memory footprint of an application that uses signed JAR files,
> signed with `SHA-384` digest algorithm? This addresses
> https://bugs.openjdk.org/browse/
On Wed, 2 Apr 2025 07:38:34 GMT, Ferenc Rakoczi wrote:
>> By using the AVX-512 vector registers the speed of the computation of the
>> ML-DSA algorithms (key generation, document signing, signature verification)
>> can be approximately doubled.
>
> Ferenc Rakoczi has updated the pull request in
Test javax/security/auth/x500/X500Principal/NameFormat.java fails after
JDK-8349890. The expected results of the failing tests will now change
according to the fix in JDK-8349890.
-
Commit messages:
- 8353945:Test javax/security/auth/x500/X500Principal/NameFormat.java fails
after
On Mon, 7 Apr 2025 06:34:11 GMT, Jaikiran Pai wrote:
> Can I please get a review of this change which proposes to address the
> increase in memory footprint of an application that uses signed JAR files,
> signed with `SHA-384` digest algorithm? This addresses
> https://bugs.openjdk.org/browse/
On Fri, 4 Apr 2025 14:24:09 GMT, Sean Mullan wrote:
> The JBS issue should have a `noreg-self` label. Otherwise fix looks ok.
@seanjmullan thank you! I have updated the JBS issue.
-
PR Comment: https://git.openjdk.org/jdk/pull/23440#issuecomment-2782500576
On Thu, 6 Mar 2025 11:49:12 GMT, Mikhail Yankelevich
wrote:
>> Refactor the following to run fully in java:
>> test/java/security//Security/ClassLoaderDeadlock/ClassLoaderDeadlock.sh
>> test/java/security//Security/ClassLoaderDeadlock/Deadlock.sh
>
> Mikhail Yankelevich has updated the pull requ
On Fri, 4 Apr 2025 17:46:39 GMT, Koushik Muthukrishnan Thirupattur
wrote:
>> **A DESCRIPTION OF THE PROBLEM :**
>> Enabling -Djava.security.debug=x509,ava affects how special characters in
>> certificates are processed. The expected behavior is that debugging should
>> not interfere with the n
On Thu, 6 Feb 2025 15:54:47 GMT, Mikhail Yankelevich
wrote:
>> * fully automated the test
>> * removed the race condition
>> * client on a thread and server on a thread options are now run together
>> automatically
>
> Mikhail Yankelevich has updated the pull request incrementally with one
> a
On Fri, 4 Apr 2025 19:22:46 GMT, Roger Riggs wrote:
>> Now that the Security Manager is permanently disabled, the following
>> permission classes in the core libraries area can be deprecated for removal
>> as they are no longer useful: FilePermission, LinkPermission,
>> LoggingPermission, Prop
On Thu, 3 Apr 2025 18:42:35 GMT, Volodymyr Paprotski
wrote:
> 8353671: Remove dead code missed in JDK-8350459
Also, the JBS issue needs an appropriate `noreg` label.
-
PR Comment: https://git.openjdk.org/jdk/pull/24423#issuecomment-2783550263
On Sat, 5 Apr 2025 19:12:23 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
> Now that the Security Manager is permanently disabled, the following
> permission classes in the core libraries area can be deprecated for removal
> as they are no longer useful: FilePermission, LinkPermission,
> LoggingPermission, PropertyPermission, ReflectPermission, RuntimePermission,
> a
On Tue, 1 Apr 2025 16:40:57 GMT, Koushik Muthukrishnan Thirupattur
wrote:
> **A DESCRIPTION OF THE PROBLEM :**
> Enabling -Djava.security.debug=x509,ava affects how special characters in
> certificates are processed. The expected behavior is that debugging should
> not interfere with the norma
On Fri, 4 Apr 2025 17:46:39 GMT, Koushik Muthukrishnan Thirupattur
wrote:
>> **A DESCRIPTION OF THE PROBLEM :**
>> Enabling -Djava.security.debug=x509,ava affects how special characters in
>> certificates are processed. The expected behavior is that debugging should
>> not interfere with the n
> This fix addresses a performance regression found on some aarch64 processors,
> namely the Apple M1, when we moved to a quarter round parallel implementation
> in JDK-8349106. After making some improvements in the ordering of the
> instructions in the 20-round loop we found that going back to
On Sun, 23 Mar 2025 17:00:43 GMT, Ferenc Rakoczi wrote:
>> By using the aarch64 vector registers the speed of the computation of the
>> ML-KEM algorithms (key generation, encapsulation, decapsulation) can be
>> approximately doubled.
>
> Ferenc Rakoczi has updated the pull request with a new ta
On Mon, 7 Apr 2025 12:49:45 GMT, Sean Mullan wrote:
> I suggest making this a P3 since it sounds like it would be useful to
> backport to 21.
Done - I've marked it as a P3, and I agree that this is worth backporting.
-
PR Comment: https://git.openjdk.org/jdk/pull/24475#issuecommen
On Fri, 4 Apr 2025 22:18:31 GMT, Bradford Wetmore wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> added default deriveData method to SSLKeyDerivation interface and
>> refactored code to remove unused AlgorithmPar
On Fri, 4 Apr 2025 20:44:28 GMT, Artur Barashev wrote:
>> Disable SHA-1 in TLS/DTLS 1.2 handshake signatures (but not in certificate
>> signatures).
>> https://www.rfc-editor.org/rfc/rfc9155.html
>>
>> Also fixing a little TLSv1.3 spec violation bug: ECDSA_SHA1 should not be
>> allowed for han
On Thu, 3 Apr 2025 18:42:35 GMT, Volodymyr Paprotski
wrote:
> 8353671: Remove dead code missed in JDK-8350459
Can you add a link to JDK-8350459 in the JBS issue?
Also, Tony is not available right now to review, so I reviewed and approved it.
-
Marked as reviewed by mullan (Review
23 matches
Mail list logo
