[7u] Request for approval for two PKI bug fixes: 8011867 and 8011745
Seán Coffey
sean.coffey at oracle.com
Mon Apr 15 03:09:19 PDT 2013
Thanks for the clarification Weijun. Approved.
regards,
Sean.
On 15/04/2013 09:44, Weijun Wang wrote:
> Hi Sean
>
> I don't think this is a spec change. There is no such low-level spec
> on what kinds of PKCS #9 attribute or CertificateChoices we should
> support. The data structures themselves were defined long time ago
> (RFC 2630 on 1999, RFC 2985 on 2000) before JDK 7.
>
> Yes, there will be behavior change but since both code changes are
> about accepting formerly-unknown data types, we will only see less
> exception than before. The main reason I want to fix these 2 bugs is
> because our own jarsigner tool fails on modern TSA servers.
>
> All related api/java_security JCK tests pass, according to the
> jck_runtime results reported by SQE's nightly runs on jdk8/tl builds.
>
> Thanks
> Weijun
>
> On 4/15/13 3:52 PM, Seán Coffey wrote:
>> Weijun,
>>
>> would you regard this fix as a spec change for an update release ? Do
>> docs specify what PKI related data types the JDK supports anywhere ? I'm
>> just wondering if this could introduce an unexpected behavioural change
>> for some applications. Have all related TCK tests been run ?
>>
>> regards,
>> Sean.
>>
>> On 15/04/2013 03:11, Weijun Wang wrote:
>>> Hi All
>>>
>>> This is a request to backport 2 jdk8 fixes into jdk7u.
>>>
>>> 8011867: Accept unknown PKCS #9 attributes
>>>
>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8011867
>>>
>>> 8011745: Unknown CertificateChoices
>>>
>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8011745
>>>
>>> Both bugs are about parsing PKI-related data. Previously unsupported
>>> data types are now either supported or ignored without throw an
>>> exception.
>>>
>>> The fix is already included in jdk8 as:
>>>
>>> http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0ab22e58d151
>>> http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1c3fff140324
>>>
>>> Both reviewed by vinnie. The patch for jdk7uXXX is identical to the
>>> one in jdk8.
>>>
>>> Thanks
>>> Weijun
>>
More information about the jdk7u-dev
mailing list