RFR 8164881: Add more tests for JDK-8139565.
Artem Smotrakov
artem.smotrakov at oracle.com
Tue Nov 15 22:41:08 UTC 2016
Hi Mallikarjuna,
I have a couple of comments.
1. I see you extract DSA key size from "jdk.certpath.disabledAlgorithms"
security property. I think I would be better not to rely on it, but
expect that keys less than 1024 bits are not allowed by default. You can
pass a boolean parameter to the test which defines what should be expected.
2. We are trying not to use lines more than 80 symbols. Could you please
fix it?
3. Minor: DSAKeys.java line 342, you don't need to specify types for HashMap
4. It is up to you, but it would be good to update the test to use
SSTest.java (see examples in jdk/tests) because we've been seeing
intermittent failures of JSSE tests like this one you are updating
http://hg.openjdk.java.net/jdk9/dev/jdk/file/93fb16cbdf7f/test/javax/net/ssl/templates/SSLTest.java
Artem
On 11/13/2016 09:02 PM, Mallikarjuna Avaluri wrote:
>
> Hi all,
>
> Please review the fix for following issue.
>
> JDK-8164881: Add more tests for JDK-8139565
> https://bugs.openjdk.java.net/browse/JDK-8164881
>
> *Summary:* Currently
> test/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java checks only that
> DSA keys with size of 512 bits are disabled.
> But we also need to check that DSA keys with sizes 1024 & 2048 are
> working fine.
>
>
> *Fix: * Currently test/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java
> checks only that DSA keys with size of 512 bits are disabled.
> Added new tests with DSA keys with size of 960 bits disabled, 1024,
> 2048, 3072 bits enabled.
>
> *Webrev: *
> http://cr.openjdk.java.net/~bgopularam/mavaluri/JDK-8164881/webrev.00/
> <http://cr.openjdk.java.net/%7Ebgopularam/mavaluri/JDK-8164881/webrev.00/>
>
>
> Thanks,
> Mallikarjuna Avaluri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20161115/c994dd99/attachment.htm>
More information about the security-dev
mailing list