Code review request: 6988842 jce/ECC test fails for SunPKCS11 provider using nss library
Vincent Ryan
vincent.x.ryan at oracle.com
Fri Mar 2 13:14:16 PST 2012
On 02/03/2012 19:40, Valerie (Yu-Ching) Peng wrote:
> Vinnie,
>
> Would it clearer to name the new configuration option
> "minLibraryVersion" instead of "libraryVersionCheck"?
I based the name of the option on the common NSS method called
NSS_VersionCheck()
> Would it help to include the required minimum value in the exception
> message in SunPKCS11.java?
I can do that.
>
> Also, do you know what's the nss version that's commonly available on
> our Solaris and Linux machines based on your testing?
Our test machines are setup as follows:
Linux has NSS 3.12.2.0
Solaris has NSS 3.12.6.2
Windows has no NSS but we include the NSS 3.13.1 libraries
>
> Has there a doc bug been filed for updating our PKCS11 doc w/ this new
> configuration option as well as the minimum NSS version requirement?
>
It's not a requirement - it's used by our PKCS11 regression tests.
If the option is not specified then no check is performed.
I'll file a docs bug.
> Thanks,
> Valerie
>
> On 03/02/12 04:23, Vincent Ryan wrote:
>> On 03/ 2/12 12:22 PM, Vincent Ryan wrote:
>>> Please review the fix for:
>>> 6988842 jce/ECC test fails for SunPKCS11 provider using nss library
>>>
>>> It is the long overdue refresh of the NSS libraries that we include in
>>> the JDK regression test suite. One significant change is that the
>>> NSS libraries are now obtained from the OS on Solaris and Linux.
>>> On Windows the libraries continue to be supplied.
>>>
>>> Thanks.
>>>
>> And the webrev:
>> http://cr.openjdk.java.net/~vinnie/6988842/webrev.00/
>
More information about the security-dev
mailing list