[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-security-dev
Subject: Re: Code Review Request JDK-8170329 New SSLSocket testing template
From: Sean Mullan <sean.mullan () oracle ! com>
Date: 2016-11-29 13:22:49
Message-ID: 632e2e00-591a-542d-cadc-4d8ce45f6742 () oracle ! com
[Download RAW message or body]
On 11/27/16 7:43 AM, Xuelei Fan wrote:
> On 11/27/2016 6:04 PM, Wang Weijun wrote:
>> This is not only a test update.
>>
> No, I happened to find an implementation issue with the new test, so fix
> it altogether. The issue is that the simple validator
> (SimpleValidator.java) does not support SKID/AKID during cert path
> build. If two trusted certs has the same subject, the simple validator
> may not be able to find the right one.
We have had issues in the PKIX CertPathBuilder with matching on
AKID/SKID when building certpaths, so we want to be careful not to
introduce a similar issue. See this bug for more information:
https://bugs.openjdk.java.net/browse/JDK-8072463
I have not reviewed the fix enough to know if this issue applies here
but please double-check it.
--Sean
>
> Thanks,
> Xuelei
>
>>> On Nov 27, 2016, at 9:35 AM, Xuelei Fan <xuelei.fan@oracle.com> wrote:
>>>
>>> Hi,
>>>
>>> Please review this test update:
>>>
>>> http://cr.openjdk.java.net/~xuelei/8170329/webrev.00/
>>>
>>> The new template (SSLSocketTemplate.java) could be used to avoid the
>>> anti-free-port issues. By using sub-classes of it, the new one can
>>> simplify the general SSLSocket test code significantly.
>>>
>>> Thanks,
>>> Xuelei
>>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic