yu | 1 Apr 2008 01:51

[security-dev 00133]: hg: jdk7/jsn/jdk: 3 new changesets

Changeset: 17e93b7fb97d
Author:    valeriep
Date:      2008-03-31 16:12 -0700
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/17e93b7fb97d

6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
Summary: Fixed PKCS5Padding class with additional check and throw BadPaddingException if the check failed
Reviewed-by: wetmore

! src/share/classes/sun/security/pkcs11/P11Cipher.java

Changeset: c063b7fb55f7
Author:    valeriep
Date:      2008-03-31 16:16 -0700
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/c063b7fb55f7

6682417: JCK test failed w/ ProviderException when decrypted data is not multiple of blocks
Summary: Check for CKR_ENCRYPTED_DATA_LEN_RANGE and throw IllegalBlockSizeException
Reviewed-by: wetmore

! src/share/classes/sun/security/pkcs11/P11Cipher.java

Changeset: 99b3301fc27c
Author:    valeriep
Date:      2008-03-31 16:50 -0700
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/99b3301fc27c

Merge

xuelei.fan | 3 Apr 2008 04:47

[security-dev 00134]: hg: jdk7/jsn/jdk: 6668231: Presence of a critical subjectAltName causes JSSE's SunX509 to fail trusted checks

Changeset: df5d7e6ac15e
Author:    xuelei
Date:      2008-04-02 22:44 -0400
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/df5d7e6ac15e

6668231: Presence of a critical subjectAltName causes JSSE's SunX509 to fail trusted checks
Summary: make the critical extension known to end entity checker.
Reviewed-by: wetmore, mullan

! src/share/classes/sun/security/validator/EndEntityChecker.java
+ test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java
+ test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/crisubn.jks
+ test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/trusted.jks

bradford.wetmore | 6 Apr 2008 19:22

hg: jdk7/jsn/jdk: 6683078: Update JCE framework and provider builds to work on read-only filesystems; ...

Changeset: b70fc43afb8c
Author:    wetmore
Date:      2008-04-06 10:15 -0700
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/b70fc43afb8c

6683078: Update JCE framework and provider builds to work on read-only filesystems
6644659: Error in default target of make/javax/crypto in OpenJDK build
Reviewed-by: valeriep, ohair

! make/com/sun/crypto/provider/Makefile
! make/common/shared/Defs.gmk
! make/javax/crypto/Defs-jce.gmk
! make/javax/crypto/Makefile
! make/sun/security/mscapi/Makefile
! make/sun/security/pkcs11/Makefile

weijun.wang | 10 Apr 2008 14:00

hg: jdk7/jsn/jdk: 6675606: javax.security.auth.login.Configuration does not recognize path with spaces

Changeset: ad75c4b21d63
Author:    weijun
Date:      2008-04-10 19:58 +0800
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/ad75c4b21d63

6675606: javax.security.auth.login.Configuration does not recognize path with spaces
Reviewed-by: chegar, xuelei

! src/share/classes/com/sun/security/auth/login/ConfigFile.java
+ test/javax/security/auth/login/Configuration/ConfigFileWithBlank.java

xuelei.fan | 11 Apr 2008 09:34

hg: jdk7/jsn/jdk: 6546639: (spec)javax.net.ssl.SSLContext.getInstance(null) throws undocumented NPE

Changeset: c0eb84957bea
Author:    xuelei
Date:      2008-04-11 03:33 -0400
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/c0eb84957bea

6546639: (spec)javax.net.ssl.SSLContext.getInstance(null) throws undocumented NPE
Summary: add NullPointerException description to those methods.
Reviewed-by: weijun

! src/share/classes/javax/net/ssl/SSLContext.java

xuelei.fan | 11 Apr 2008 09:43

[security-dev 00140]: hg: jdk7/jsn/jdk: 6546671: (spec)javax.net.ssl.TrustManagerFactory.getInstance() throws undocumented NP; ...

Changeset: da9fa1fa9b95
Author:    xuelei
Date:      2008-04-11 03:43 -0400
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/da9fa1fa9b95

6546671: (spec)javax.net.ssl.TrustManagerFactory.getInstance() throws undocumented NP
5053895: (spec) Unspecified IllegalStateException in TrustManagerFactory
Summary: add NullPointerException/IllegalStateException description
Reviewed-by: weijun

! src/share/classes/javax/net/ssl/TrustManagerFactory.java
! src/share/classes/javax/net/ssl/TrustManagerFactorySpi.java

xuelei.fan | 11 Apr 2008 09:51

[security-dev 00141]: hg: jdk7/jsn/jdk: 6571950: SSLSocket(raddr, rport, laddr, lport) allows null as laddr that spec doesn't reflect

Changeset: 143e1a9b51a9
Author:    xuelei
Date:      2008-04-11 03:50 -0400
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/143e1a9b51a9

6571950: SSLSocket(raddr, rport, laddr, lport) allows null as laddr that spec doesn't reflect
Summary: add the description that while the local address parameter is null, anyLocalAddress will be used instead.
Reviewed-by: weijun

! src/share/classes/java/net/Socket.java
! src/share/classes/javax/net/ssl/SSLSocket.java

sean.mullan | 14 Apr 2008 16:43

[security-dev 00143]: hg: jdk7/jsn/jdk: 2 new changesets

Changeset: aabdc646cb31
Author:    mullan
Date:      2008-04-14 10:25 -0400
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/aabdc646cb31

6631361: Spec of AccessControlContext constructor is not complete
Summary: Add NullPointerException to @throws clause and treat empty array and array of nulls as equivalent
Reviewed-by: valeriep

! src/share/classes/java/security/AccessControlContext.java
+ test/java/security/AccessControlContext/CheckCtor.java

Changeset: b627c3efd97c
Author:    mullan
Date:      2008-04-14 10:41 -0400
URL:       http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/b627c3efd97c

Merge

Jean-Christophe Collet | 15 Apr 2008 14:23

Code review for 6644726: Cookie management issues

Here are my proposed changes to fix 6644726
It does fix all 7 issues listed in the CR (see 
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6644726 for details) 
and adds a proper regression test.

The short list is:

- support for more 'expires' date formats
- enforce 'secure' cookies
- enforce the 'port' optional attribute
- set a default 'path' when none is specified as per RFC requirement
- do not apply strict RFC 2965 rules for domain matching when cookie 
version is 0 (aka Netscape compliant cookies)
- set a default path for cookies
- do not use scheme and port for identifying cookies (i.e. cookies cross 
over protocols like http & https, or ports)

Patch attached below.

Attachment (jdk.patch): text/x-patch, 26 KiB

6659779 code review

Hi Michael, Jessie,

Can I please get a code review for CR 6659779? This trivially adds 
logger invocations to log tunnel requests, i.e. HTTP CONNECT.

-Chris.
--- old/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Tue Apr 15 13:59:44 2008
+++ new/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Tue Apr 15 13:59:43 2008
 <at>  <at>  -1450,6 +1450,9  <at>  <at> 
                 // so ProgressSource is null.
                 http.parseHTTP(responses, null, this);

+                /* Log the response to the CONNECT */
+                logger.fine(responses.toString());
+
                 statusLine = responses.getValue(0);
                 StringTokenizer st = new StringTokenizer(statusLine);
                 st.nextToken();
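
Review bot: the added `logger.fine(responses.toString());` after `http.parseHTTP(responses, null, this);` builds the full header string on every CONNECT response, even when FINE logging is disabled. Assuming `logger` is a `java.util.logging.Logger`, wrap the call in an `isLoggable(Level.FINE)` check so the string is only built when the log is enabled. Note also that the header values come from the remote proxy and are written to the log verbatim, so the log should be treated as containing untrusted text.
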
 <at>  <at>  -1563,6 +1566,10  <at>  <at> 
         requests.setIfNotSet("Accept", acceptString);

         setPreemptiveProxyAuthentication(requests);
+
+         /* Log the CONNECT request */
+        logger.fine(requests.toString());
+
         http.writeRequests(requests, null);
         // remove CONNECT header
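
Review bot: `logger.fine(requests.toString());` sits directly after `setPreemptiveProxyAuthentication(requests);`, so if that call adds a proxy authorization header to `requests` (as its name suggests), the proxy credentials end up in the FINE log. Consider redacting that header's value before logging, or logging the request before the authentication header is set. The same level-check guard as for the response log would avoid building the string when FINE is off. Style: the `/* Log the CONNECT request */` comment line is indented one space further than the `logger.fine` line below it.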