Backport of JDK-8014618 to JDK6? (Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement)
Alex Bligh
alex at alex.org.uk
Fri Jul 11 10:18:43 UTC 2014
Xulei,
On 11 Jul 2014, at 07:14, Alex Bligh <alex at alex.org.uk> wrote:
> In this case I'm afraid I have confirmed that it is *not* the cause of the
> particular failure we are seeing (the failure turned out to be elsewhere
> after many hours debugging).
>
> However, reading the code it would seem this should still be an issue,
> and if it is an issue should presumably be reproducible using the
> test case at:
> https://bugs.openjdk.java.net/browse/JDK-8014618
>
> I'll have a go at this later if I get some time.
I got some time. I've run over 5,000 iterations of the test without a
single error. I am assuming:
depth=0 CN = test
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = test
verify return:1
is acceptable as an output, i.e. it's still doing the DH key
exchange, because verify errors do not cause s_client to abort.
Given the errors should occur 1 in 256 iterations, I think
we can conclude this bug does not exist in JDK-6.
Apologies for the wasted electrons.
--
Alex Bligh
More information about the jdk6-dev
mailing list