RFR[9] JDK-8168935: sun/security/ssl/SSLContextImpl/TrustTrustedCert.java failed Intermittently

Xuelei Fan xuelei.fan at oracle.com
Wed Dec 21 06:34:23 UTC 2016 


On 12/20/2016 10:12 PM, John Jiang wrote:
> Hi Xuelei,
> Thanks for you comments.
> Please review the updated webrev:
> http://cr.openjdk.java.net/~jjiang/8168935/webrev.01/
>
Looks fine to me.

> The updated version adds method configureServerSocket(SSLServerSocket
> socket) only, because the other two methods has no association to this fix.
> And it looks the existing method runClientApplication(SSLSocket socket)
> could do the same things for method configureClientSocket(SSLSocket
> socket).
>
I think so, too.

Thanks,
Xuelei

> Best regards,
> John Jiang
>
> On 2016/12/21 1:18, Xuelei Fan wrote:
>> Hi John,
>>
>> I was wondering to add three methods in the template:
>> . configureClientSocket(SSLSocket socket)
>> . configureServerSocket(SSLSocket socket)
>> . configureServerSocket(SSLServerSocket socket)
>>
>> However, there was no use of any of them of my previous update, so we
>> did not add them.  Your adding of createSSLServerSocket() looks fine.
>> except that it is not straightfoard that the caller
>> (TrustTrustedCert.java) is calling super.createSSLServerSocket().
>> Would you mind add and update to use
>> configureServerSocket(SSLServerSocket)?
>>
>> Otherwise, looks fine to me.
>>
>> Thanks,
>> Xuelei
>>
>> On 12/20/2016 6:11 AM, John Jiang wrote:
>>> Hi,
>>> In test sun/security/ssl/SSLContextImpl/TrustTrustedCert.java, the
>>> server may wait for the client for a long time, then the test execution
>>> goes to timeout.
>>> This patch takes advantage of
>>> javax/net/ssl/templates/SSLSocketTemplate.java to fix this issue.
>>>
>>> Please note that:
>>> 1. SSLSocketTemplate.java is modified a bit to aid this fix.
>>
>>
>>> 2. Compare with the previous version of TrustTrustedCert.java, the
>>> server side should handle SSLSocketException if the certificates do not
>>> conform to algorithm constraints. That's similar to the scenario on the
>>> client side.
>>>
>>> Webrev: http://cr.openjdk.java.net/~jjiang/8168935/webrev.00/
>>> Issue: https://bugs.openjdk.java.net/browse/JDK-8168935
>>>
>>> Best regards,
>>> John Jiang
>>>
>>
>

More information about the security-dev mailing list