Code review request: 6988842 jce/ECC test fails for SunPKCS11 provider using nss library

Vincent Ryan vincent.x.ryan at
Fri Mar 2 13:14:16 PST 2012

On 02/03/2012 19:40, Valerie (Yu-Ching) Peng wrote:
> Vinnie,
> Would it clearer to name the new configuration option
> "minLibraryVersion" instead of "libraryVersionCheck"?

I based the name of the option on the common NSS method called

> Would it help to include the required minimum value in the exception
> message in

I can do that.

> Also, do you know what's the nss version that's commonly available on
> our Solaris and Linux machines based on your testing?

Our test machines are setup as follows:
     Linux has NSS
     Solaris has NSS
     Windows has no NSS but we include the NSS 3.13.1 libraries

> Has there a doc bug been filed for updating our PKCS11 doc w/ this new
> configuration option as well as the minimum NSS version requirement?

It's not a requirement - it's used by our PKCS11 regression tests.
If the option is not specified then no check is performed.

I'll file a docs bug.

> Thanks,
> Valerie
> On 03/02/12 04:23, Vincent Ryan wrote:
>> On 03/ 2/12 12:22 PM, Vincent Ryan wrote:
>>> Please review the fix for:
>>> 6988842 jce/ECC test fails for SunPKCS11 provider using nss library
>>> It is the long overdue refresh of the NSS libraries that we include in
>>> the JDK regression test suite. One significant change is that the
>>> NSS libraries are now obtained from the OS on Solaris and Linux.
>>> On Windows the libraries continue to be supplied.
>>> Thanks.
>> And the webrev:

More information about the security-dev mailing list