[PATCH] 6647452: Remove obfuscation, framework and provider self-verification checking
Andrew Hughes
gnu.andrew at redhat.com
Thu Nov 27 16:46:30 UTC 2014
----- Original Message -----
> On 26/11/14 21:49, Andrew Hughes wrote:
> > As it's basically removing a no-op, this shouldn't actually change
> > anything much, but will make other planned backports easier and
> > perhaps help performance very slightly in removing some completely
> > unnecessary method calls.
>
> Ah, thanks. I was thinking "Why on Earth does he want to change
> this code now?" but I accept the argument about backports.
>
> Andrew.
>
>
Yes. Specifically, there are two issues I'd like to resolve in OpenJDK 6
that have already been resolved in IcedTea; allowing unlimited policy
cryptography (which should then allow a TCK pass) and allowing larger
key sizes, so interoperability with other SSL implementations can be
maintained (specifically, Apache now requires a minimum DH key size of
2048 by default).
Most of the patches for the key size changes rub up against these
verification calls which occur in every constructor in OpenJDK 6, but
have been removed in 7. Moreover, a few new constructors are added
without such calls. For the IcedTea6 backport, I just left the existing
calls in place, but this leaves an inconsistent situation where some
constructors have calls and some don't, and we have don't have a way
of testing this code as it's used in the proprietary build. So, for
OpenJDK 6, I thought it would be cleaner to backport this first.
Thanks,
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the jdk6-dev
mailing list